{"name":"keycloak","version":"6.10.0","description":"A Pulumi package for creating and managing keycloak cloud resources.","keywords":["pulumi","keycloak"],"homepage":"https://pulumi.io","license":"Apache-2.0","attribution":"This Pulumi package is based on the [`keycloak` Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak).","repository":"https://github.com/pulumi/pulumi-keycloak","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"csharp":{"packageReferences":{"Pulumi":"3.*"},"namespaces":{"authentication":"Authentication","index":"index","keycloak":"Keycloak","ldap":"Ldap","oidc":"Oidc","openid":"OpenId","saml":"Saml"},"compatibility":"tfbridge20","respectSchemaVersion":true},"go":{"importBasePath":"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak","generateResourceContainerTypes":true,"generateExtraInputTypes":true,"respectSchemaVersion":true},"nodejs":{"packageDescription":"A Pulumi package for creating and managing keycloak cloud resources.","readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues).","devDependencies":{"@types/mime":"^2.0.0","@types/node":"^10.0.0"},"compatibility":"tfbridge20","disableUnionOutputTypes":true,"respectSchemaVersion":true},"python":{"readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/keycloak/terraform-provider-keycloak)\n\u003e distributed under [MIT](https://mit-license.org/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-keycloak` repo](https://github.com/pulumi/pulumi-keycloak/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-keycloak` repo](https://github.com/keycloak/terraform-provider-keycloak/issues).","compatibility":"tfbridge20","respectSchemaVersion":true,"pyproject":{"enabled":true}}},"config":{"variables":{"accessToken":{"type":"string"},"additionalHeaders":{"type":"object","additionalProperties":{"type":"string"}},"adminUrl":{"type":"string","description":"The admin URL of the Keycloak instance if different from the main URL, before `/auth`"},"basePath":{"type":"string"},"clientId":{"type":"string"},"clientSecret":{"type":"string"},"clientTimeout":{"type":"integer","description":"Timeout (in seconds) of the Keycloak client","default":5,"defaultInfo":{"environment":["KEYCLOAK_CLIENT_TIMEOUT"]}},"initialLogin":{"type":"boolean","description":"Whether or not to login to Keycloak instance on provider initialization"},"jwtSigningAlg":{"type":"string","description":"The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256."},"jwtSigningKey":{"type":"string","description":"The PEM-formatted private key used to sign the JWT when client-jwt is used.","secret":true},"jwtToken":{"type":"string","description":"A signed JWT token used for client authentication.","secret":true},"jwtTokenFile":{"type":"string","description":"A path to a file containing a signed JWT token used for client authentication."},"password":{"type":"string"},"realm":{"type":"string"},"redHatSso":{"type":"boolean","description":"When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint."},"rootCaCertificate":{"type":"string","description":"Allows x509 calls using an unknown CA certificate (for development purposes)"},"tlsClientCertificate":{"type":"string","description":"TLS client certificate as PEM string for mutual authentication"},"tlsClientPrivateKey":{"type":"string","description":"TLS client private key as PEM string for mutual authentication"},"tlsInsecureSkipVerify":{"type":"boolean","description":"Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided."},"url":{"type":"string","description":"The base URL of the Keycloak instance, before `/auth`"},"username":{"type":"string"}},"defaults":["clientId","url"]},"types":{"keycloak:index/GroupPermissionsManageMembersScope:GroupPermissionsManageMembersScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/GroupPermissionsManageMembershipScope:GroupPermissionsManageMembershipScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/GroupPermissionsManageScope:GroupPermissionsManageScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/GroupPermissionsViewMembersScope:GroupPermissionsViewMembersScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/GroupPermissionsViewScope:GroupPermissionsViewScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/OrganizationDomain:OrganizationDomain":{"properties":{"name":{"type":"string","description":"The name of the organization.\n"},"verified":{"type":"boolean","description":"Whether domain is verified or not. Default is false.\n"}},"type":"object","required":["name"]},"keycloak:index/RealmClientPolicyProfileExecutor:RealmClientPolicyProfileExecutor":{"properties":{"configuration":{"type":"object","additionalProperties":{"type":"string"}},"name":{"type":"string"}},"type":"object","required":["name"]},"keycloak:index/RealmClientPolicyProfilePolicyCondition:RealmClientPolicyProfilePolicyCondition":{"properties":{"configuration":{"type":"object","additionalProperties":{"type":"string"}},"name":{"type":"string"}},"type":"object","required":["name"]},"keycloak:index/RealmInternationalization:RealmInternationalization":{"properties":{"defaultLocale":{"type":"string","description":"The locale to use by default. This locale code must be present within the \u003cspan pulumi-lang-nodejs=\"`supportedLocales`\" pulumi-lang-dotnet=\"`SupportedLocales`\" pulumi-lang-go=\"`supportedLocales`\" pulumi-lang-python=\"`supported_locales`\" pulumi-lang-yaml=\"`supportedLocales`\" pulumi-lang-java=\"`supportedLocales`\"\u003e`supported_locales`\u003c/span\u003e list.\n"},"supportedLocales":{"type":"array","items":{"type":"string"},"description":"A list of [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) locale codes that the realm should support.\n"}},"type":"object","required":["defaultLocale","supportedLocales"]},"keycloak:index/RealmOtpPolicy:RealmOtpPolicy":{"properties":{"algorithm":{"type":"string","description":"What hashing algorithm should be used to generate the OTP, Valid options are `HmacSHA1`,`HmacSHA256` and `HmacSHA512`. Defaults to `HmacSHA1`.\n"},"digits":{"type":"integer","description":"How many digits the OTP have. Defaults to \u003cspan pulumi-lang-nodejs=\"`6`\" pulumi-lang-dotnet=\"`6`\" pulumi-lang-go=\"`6`\" pulumi-lang-python=\"`6`\" pulumi-lang-yaml=\"`6`\" pulumi-lang-java=\"`6`\"\u003e`6`\u003c/span\u003e.\n"},"initialCounter":{"type":"integer","description":"What should the initial counter value be. Defaults to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e.\n"},"lookAheadWindow":{"type":"integer","description":"How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e.\n"},"period":{"type":"integer","description":"How many seconds should an OTP token be valid. Defaults to \u003cspan pulumi-lang-nodejs=\"`30`\" pulumi-lang-dotnet=\"`30`\" pulumi-lang-go=\"`30`\" pulumi-lang-python=\"`30`\" pulumi-lang-yaml=\"`30`\" pulumi-lang-java=\"`30`\"\u003e`30`\u003c/span\u003e.\n"},"type":{"type":"string","description":"One Time Password Type, supported Values are \u003cspan pulumi-lang-nodejs=\"`totp`\" pulumi-lang-dotnet=\"`Totp`\" pulumi-lang-go=\"`totp`\" pulumi-lang-python=\"`totp`\" pulumi-lang-yaml=\"`totp`\" pulumi-lang-java=\"`totp`\"\u003e`totp`\u003c/span\u003e for Time-Based One Time Password and \u003cspan pulumi-lang-nodejs=\"`hotp`\" pulumi-lang-dotnet=\"`Hotp`\" pulumi-lang-go=\"`hotp`\" pulumi-lang-python=\"`hotp`\" pulumi-lang-yaml=\"`hotp`\" pulumi-lang-java=\"`hotp`\"\u003e`hotp`\u003c/span\u003e for Counter Based. Defaults to \u003cspan pulumi-lang-nodejs=\"`totp`\" pulumi-lang-dotnet=\"`Totp`\" pulumi-lang-go=\"`totp`\" pulumi-lang-python=\"`totp`\" pulumi-lang-yaml=\"`totp`\" pulumi-lang-java=\"`totp`\"\u003e`totp`\u003c/span\u003e.\n"}},"type":"object"},"keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses":{"properties":{"bruteForceDetection":{"$ref":"#/types/keycloak:index/RealmSecurityDefensesBruteForceDetection:RealmSecurityDefensesBruteForceDetection"},"headers":{"$ref":"#/types/keycloak:index/RealmSecurityDefensesHeaders:RealmSecurityDefensesHeaders"}},"type":"object"},"keycloak:index/RealmSecurityDefensesBruteForceDetection:RealmSecurityDefensesBruteForceDetection":{"properties":{"failureResetTimeSeconds":{"type":"integer","description":"When will failure count be reset?\n"},"maxFailureWaitSeconds":{"type":"integer"},"maxLoginFailures":{"type":"integer","description":"How many failures before wait is triggered.\n"},"maxTemporaryLockouts":{"type":"integer","description":"How many temporary lockouts are permitted before a user is permanently locked out. \u003cspan pulumi-lang-nodejs=\"`permanentLockout`\" pulumi-lang-dotnet=\"`PermanentLockout`\" pulumi-lang-go=\"`permanentLockout`\" pulumi-lang-python=\"`permanent_lockout`\" pulumi-lang-yaml=\"`permanentLockout`\" pulumi-lang-java=\"`permanentLockout`\"\u003e`permanent_lockout`\u003c/span\u003e needs to be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"minimumQuickLoginWaitSeconds":{"type":"integer","description":"How long to wait after a quick login failure.\n- \u003cspan pulumi-lang-nodejs=\"`maxFailureWaitSeconds \" pulumi-lang-dotnet=\"`MaxFailureWaitSeconds \" pulumi-lang-go=\"`maxFailureWaitSeconds \" pulumi-lang-python=\"`max_failure_wait_seconds \" pulumi-lang-yaml=\"`maxFailureWaitSeconds \" pulumi-lang-java=\"`maxFailureWaitSeconds \"\u003e`max_failure_wait_seconds \u003c/span\u003e` - (Optional) Max. time a user will be locked out.\n"},"permanentLockout":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this will lock the user permanently when the user exceeds the maximum login failures.\n"},"quickLoginCheckMilliSeconds":{"type":"integer","description":"Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.\n"},"waitIncrementSeconds":{"type":"integer","description":"This represents the amount of time a user should be locked out when the login failure threshold has been met.\n"}},"type":"object"},"keycloak:index/RealmSecurityDefensesHeaders:RealmSecurityDefensesHeaders":{"properties":{"contentSecurityPolicy":{"type":"string","description":"Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the [W3C-CSP](https://www.w3.org/TR/CSP/) Abstract.\n"},"contentSecurityPolicyReportOnly":{"type":"string","description":"Used for testing Content Security Policies.\n"},"referrerPolicy":{"type":"string","description":"The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.\n"},"strictTransportSecurity":{"type":"string","description":"The Script-Transport-Security HTTP header tells browsers to always use HTTPS.\n"},"xContentTypeOptions":{"type":"string","description":"Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type\n"},"xFrameOptions":{"type":"string","description":"Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the [RFC7034](https://tools.ietf.org/html/rfc7034)\n"},"xRobotsTag":{"type":"string","description":"Prevent pages from appearing in search engines.\n"},"xXssProtection":{"type":"string","description":"This header configures the Cross-site scripting (XSS) filter in your browser.\n"}},"type":"object"},"keycloak:index/RealmSmtpServer:RealmSmtpServer":{"properties":{"allowUtf8":{"type":"boolean"},"auth":{"$ref":"#/types/keycloak:index/RealmSmtpServerAuth:RealmSmtpServerAuth","description":"Enables authentication to the SMTP server. Cannot be set alongside \u003cspan pulumi-lang-nodejs=\"`tokenAuth`\" pulumi-lang-dotnet=\"`TokenAuth`\" pulumi-lang-go=\"`tokenAuth`\" pulumi-lang-python=\"`token_auth`\" pulumi-lang-yaml=\"`tokenAuth`\" pulumi-lang-java=\"`tokenAuth`\"\u003e`token_auth`\u003c/span\u003e. This block supports the following arguments:\n"},"envelopeFrom":{"type":"string","description":"The email address uses for bounces.\n"},"from":{"type":"string","description":"The email address for the sender.\n"},"fromDisplayName":{"type":"string","description":"The display name of the sender email address.\n"},"host":{"type":"string","description":"The host of the SMTP server.\n"},"port":{"type":"string","description":"The port of the SMTP server (defaults to 25).\n"},"replyTo":{"type":"string","description":"The \"reply to\" email address.\n"},"replyToDisplayName":{"type":"string","description":"The display name of the \"reply to\" email address.\n"},"ssl":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, enables SSL. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"starttls":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, enables StartTLS. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"tokenAuth":{"$ref":"#/types/keycloak:index/RealmSmtpServerTokenAuth:RealmSmtpServerTokenAuth","description":"Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside \u003cspan pulumi-lang-nodejs=\"`auth`\" pulumi-lang-dotnet=\"`Auth`\" pulumi-lang-go=\"`auth`\" pulumi-lang-python=\"`auth`\" pulumi-lang-yaml=\"`auth`\" pulumi-lang-java=\"`auth`\"\u003e`auth`\u003c/span\u003e. This block supports the following arguments:\n"}},"type":"object","required":["from","host"]},"keycloak:index/RealmSmtpServerAuth:RealmSmtpServerAuth":{"properties":{"password":{"type":"string","description":"The SMTP server password.\n","secret":true},"username":{"type":"string"}},"type":"object","required":["password","username"]},"keycloak:index/RealmSmtpServerTokenAuth:RealmSmtpServerTokenAuth":{"properties":{"clientId":{"type":"string","description":"The auth token client ID.\n"},"clientSecret":{"type":"string","description":"The auth token client secret.\n","secret":true},"scope":{"type":"string","description":"The auth token scope.\n"},"url":{"type":"string","description":"The auth token URL.\n"},"username":{"type":"string"}},"type":"object","required":["clientId","clientSecret","scope","url","username"]},"keycloak:index/RealmUserProfileAttribute:RealmUserProfileAttribute":{"properties":{"annotations":{"type":"object","additionalProperties":{"type":"string"}},"displayName":{"type":"string","description":"The display name of the attribute.\n"},"enabledWhenScopes":{"type":"array","items":{"type":"string"},"description":"A list of scopes. The attribute will only be enabled when these scopes are requested by clients.\n"},"group":{"type":"string","description":"A list of groups.\n"},"multiValued":{"type":"boolean","description":"If the attribute supports multiple values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string"},"permissions":{"$ref":"#/types/keycloak:index/RealmUserProfileAttributePermissions:RealmUserProfileAttributePermissions","description":"The permissions configuration information.\n"},"requiredForRoles":{"type":"array","items":{"type":"string"},"description":"A list of roles for which the attribute will be required.\n"},"requiredForScopes":{"type":"array","items":{"type":"string"},"description":"A list of scopes for which the attribute will be required.\n"},"validators":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileAttributeValidator:RealmUserProfileAttributeValidator"},"description":"A list of validators for the attribute.\n"}},"type":"object","required":["name"]},"keycloak:index/RealmUserProfileAttributePermissions:RealmUserProfileAttributePermissions":{"properties":{"edits":{"type":"array","items":{"type":"string"},"description":"A list of profiles that will be able to edit the attribute. One of \u003cspan pulumi-lang-nodejs=\"`admin`\" pulumi-lang-dotnet=\"`Admin`\" pulumi-lang-go=\"`admin`\" pulumi-lang-python=\"`admin`\" pulumi-lang-yaml=\"`admin`\" pulumi-lang-java=\"`admin`\"\u003e`admin`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e.\n"},"views":{"type":"array","items":{"type":"string"},"description":"A list of profiles that will be able to view the attribute. One of \u003cspan pulumi-lang-nodejs=\"`admin`\" pulumi-lang-dotnet=\"`Admin`\" pulumi-lang-go=\"`admin`\" pulumi-lang-python=\"`admin`\" pulumi-lang-yaml=\"`admin`\" pulumi-lang-java=\"`admin`\"\u003e`admin`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e.\n"}},"type":"object","required":["edits","views"]},"keycloak:index/RealmUserProfileAttributeValidator:RealmUserProfileAttributeValidator":{"properties":{"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map defining the configuration of the validator. Values can be a String or a json object.\n"},"name":{"type":"string"}},"type":"object","required":["name"]},"keycloak:index/RealmUserProfileGroup:RealmUserProfileGroup":{"properties":{"annotations":{"type":"object","additionalProperties":{"type":"string"}},"displayDescription":{"type":"string","description":"The display description of the group.\n"},"displayHeader":{"type":"string","description":"The display header of the group.\n"},"name":{"type":"string"}},"type":"object","required":["name"]},"keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy":{"properties":{"acceptableAaguids":{"type":"array","items":{"type":"string"},"description":"A set of AAGUIDs for which an authenticator can be registered.\n"},"attestationConveyancePreference":{"type":"string","description":"Either none, indirect or direct\n"},"authenticatorAttachment":{"type":"string","description":"Either platform or cross-platform\n"},"avoidSameAuthenticatorRegister":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"createTimeout":{"type":"integer","description":"The timeout value for creating a user's public key credential in seconds. When set to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e, this timeout option is not adapted. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"extraOrigins":{"type":"array","items":{"type":"string"},"description":"A set of extra origins for non-web applications.\n"},"relyingPartyEntityName":{"type":"string","description":"A human-readable server name for the WebAuthn Relying Party. Defaults to \u003cspan pulumi-lang-nodejs=\"`keycloak`\" pulumi-lang-dotnet=\"`Keycloak`\" pulumi-lang-go=\"`keycloak`\" pulumi-lang-python=\"`keycloak`\" pulumi-lang-yaml=\"`keycloak`\" pulumi-lang-java=\"`keycloak`\"\u003e`keycloak`\u003c/span\u003e.\n"},"relyingPartyId":{"type":"string","description":"The WebAuthn relying party ID.\n"},"requireResidentKey":{"type":"string","description":"Either Yes or No\n"},"signatureAlgorithms":{"type":"array","items":{"type":"string"},"description":"Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing\n"},"userVerificationRequirement":{"type":"string","description":"Either required, preferred or discouraged\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["signatureAlgorithms"]}}},"keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy":{"properties":{"acceptableAaguids":{"type":"array","items":{"type":"string"},"description":"A set of AAGUIDs for which an authenticator can be registered.\n"},"attestationConveyancePreference":{"type":"string","description":"Either none, indirect or direct\n"},"authenticatorAttachment":{"type":"string","description":"Either platform or cross-platform\n"},"avoidSameAuthenticatorRegister":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"createTimeout":{"type":"integer","description":"The timeout value for creating a user's public key credential in seconds. When set to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e, this timeout option is not adapted. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"extraOrigins":{"type":"array","items":{"type":"string"},"description":"A set of extra origins for non-web applications.\n"},"relyingPartyEntityName":{"type":"string","description":"A human-readable server name for the WebAuthn Relying Party. Defaults to \u003cspan pulumi-lang-nodejs=\"`keycloak`\" pulumi-lang-dotnet=\"`Keycloak`\" pulumi-lang-go=\"`keycloak`\" pulumi-lang-python=\"`keycloak`\" pulumi-lang-yaml=\"`keycloak`\" pulumi-lang-java=\"`keycloak`\"\u003e`keycloak`\u003c/span\u003e.\n"},"relyingPartyId":{"type":"string","description":"The WebAuthn relying party ID.\n"},"requireResidentKey":{"type":"string","description":"Either Yes or No\n"},"signatureAlgorithms":{"type":"array","items":{"type":"string"},"description":"Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing\n"},"userVerificationRequirement":{"type":"string","description":"Either required, preferred or discouraged\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["signatureAlgorithms"]}}},"keycloak:index/UserFederatedIdentity:UserFederatedIdentity":{"properties":{"identityProvider":{"type":"string","description":"The name of the identity provider\n"},"userId":{"type":"string","description":"The ID of the user defined in the identity provider\n"},"userName":{"type":"string","description":"The username of the user defined in the identity provider\n"}},"type":"object","required":["identityProvider","userId","userName"]},"keycloak:index/UserInitialPassword:UserInitialPassword":{"properties":{"temporary":{"type":"boolean","description":"If set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the initial password is set up for renewal on first use. Default to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"value":{"type":"string","description":"The initial password.\n","secret":true}},"type":"object","required":["value"]},"keycloak:index/UsersPermissionsImpersonateScope:UsersPermissionsImpersonateScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/UsersPermissionsManageGroupMembershipScope:UsersPermissionsManageGroupMembershipScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/UsersPermissionsManageScope:UsersPermissionsManageScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/UsersPermissionsMapRolesScope:UsersPermissionsMapRolesScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/UsersPermissionsUserImpersonatedScope:UsersPermissionsUserImpersonatedScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/UsersPermissionsViewScope:UsersPermissionsViewScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:index/getClientDescriptionConverterProtocolMapper:getClientDescriptionConverterProtocolMapper":{"properties":{"config":{"type":"object","additionalProperties":{"type":"string"}},"id":{"type":"string"},"name":{"type":"string"},"protocol":{"type":"string"},"protocolMapper":{"type":"string"}},"type":"object","required":["config","id","name","protocol","protocolMapper"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getOrganizationDomain:getOrganizationDomain":{"properties":{"name":{"type":"string","description":"The organization name.\n"},"verified":{"type":"boolean"}},"type":"object","required":["name","verified"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmInternationalization:getRealmInternationalization":{"properties":{"defaultLocale":{"type":"string"},"supportedLocales":{"type":"array","items":{"type":"string"}}},"type":"object","required":["defaultLocale","supportedLocales"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmKeysKey:getRealmKeysKey":{"properties":{"algorithm":{"type":"string","description":"Key algorithm (string)\n"},"certificate":{"type":"string","description":"Key certificate (string)\n"},"kid":{"type":"string","description":"Key ID (string)\n"},"providerId":{"type":"string","description":"Key provider ID (string)\n"},"providerPriority":{"type":"integer","description":"Key provider priority (int64)\n"},"publicKey":{"type":"string","description":"Key public key (string)\n"},"status":{"type":"string","description":"When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`.\n"},"type":{"type":"string","description":"Key type (string)\n"}},"type":"object","required":["algorithm","certificate","kid","providerId","providerPriority","publicKey","status","type"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmOtpPolicy:getRealmOtpPolicy":{"properties":{"algorithm":{"type":"string"},"digits":{"type":"integer"},"initialCounter":{"type":"integer"},"lookAheadWindow":{"type":"integer"},"period":{"type":"integer"},"type":{"type":"string"}},"type":"object","required":["algorithm","digits","initialCounter","lookAheadWindow","period","type"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSecurityDefense:getRealmSecurityDefense":{"properties":{"bruteForceDetections":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSecurityDefenseBruteForceDetection:getRealmSecurityDefenseBruteForceDetection"}},"headers":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSecurityDefenseHeader:getRealmSecurityDefenseHeader"}}},"type":"object","required":["bruteForceDetections","headers"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSecurityDefenseBruteForceDetection:getRealmSecurityDefenseBruteForceDetection":{"properties":{"failureResetTimeSeconds":{"type":"integer"},"maxFailureWaitSeconds":{"type":"integer"},"maxLoginFailures":{"type":"integer"},"maxTemporaryLockouts":{"type":"integer"},"minimumQuickLoginWaitSeconds":{"type":"integer"},"permanentLockout":{"type":"boolean"},"quickLoginCheckMilliSeconds":{"type":"integer"},"waitIncrementSeconds":{"type":"integer"}},"type":"object","required":["failureResetTimeSeconds","maxFailureWaitSeconds","maxLoginFailures","maxTemporaryLockouts","minimumQuickLoginWaitSeconds","permanentLockout","quickLoginCheckMilliSeconds","waitIncrementSeconds"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSecurityDefenseHeader:getRealmSecurityDefenseHeader":{"properties":{"contentSecurityPolicy":{"type":"string"},"contentSecurityPolicyReportOnly":{"type":"string"},"referrerPolicy":{"type":"string"},"strictTransportSecurity":{"type":"string"},"xContentTypeOptions":{"type":"string"},"xFrameOptions":{"type":"string"},"xRobotsTag":{"type":"string"},"xXssProtection":{"type":"string"}},"type":"object","required":["contentSecurityPolicy","contentSecurityPolicyReportOnly","referrerPolicy","strictTransportSecurity","xContentTypeOptions","xFrameOptions","xRobotsTag","xXssProtection"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSmtpServer:getRealmSmtpServer":{"properties":{"auths":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSmtpServerAuth:getRealmSmtpServerAuth"}},"envelopeFrom":{"type":"string"},"from":{"type":"string"},"fromDisplayName":{"type":"string"},"host":{"type":"string"},"port":{"type":"string"},"replyTo":{"type":"string"},"replyToDisplayName":{"type":"string"},"ssl":{"type":"boolean"},"starttls":{"type":"boolean"},"tokenAuths":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSmtpServerTokenAuth:getRealmSmtpServerTokenAuth"}}},"type":"object","required":["auths","envelopeFrom","from","fromDisplayName","host","port","replyTo","replyToDisplayName","ssl","starttls","tokenAuths"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSmtpServerAuth:getRealmSmtpServerAuth":{"properties":{"password":{"type":"string","secret":true},"username":{"type":"string"}},"type":"object","required":["password","username"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmSmtpServerTokenAuth:getRealmSmtpServerTokenAuth":{"properties":{"clientId":{"type":"string"},"clientSecret":{"type":"string","secret":true},"scope":{"type":"string"},"url":{"type":"string"},"username":{"type":"string"}},"type":"object","required":["clientId","clientSecret","scope","url","username"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmWebAuthnPasswordlessPolicy:getRealmWebAuthnPasswordlessPolicy":{"properties":{"acceptableAaguids":{"type":"array","items":{"type":"string"}},"attestationConveyancePreference":{"type":"string","description":"Either none, indirect or direct\n"},"authenticatorAttachment":{"type":"string","description":"Either platform or cross-platform\n"},"avoidSameAuthenticatorRegister":{"type":"boolean"},"createTimeout":{"type":"integer"},"extraOrigins":{"type":"array","items":{"type":"string"}},"relyingPartyEntityName":{"type":"string"},"relyingPartyId":{"type":"string"},"requireResidentKey":{"type":"string","description":"Either Yes or No\n"},"signatureAlgorithms":{"type":"array","items":{"type":"string"},"description":"Keycloak lists ES256, ES384, ES512, RS256, ES384, ES512 at the time of writing\n"},"userVerificationRequirement":{"type":"string","description":"Either required, preferred or discouraged\n"}},"type":"object","required":["acceptableAaguids","attestationConveyancePreference","authenticatorAttachment","avoidSameAuthenticatorRegister","createTimeout","extraOrigins","relyingPartyEntityName","relyingPartyId","requireResidentKey","signatureAlgorithms","userVerificationRequirement"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:index/getRealmWebAuthnPolicy:getRealmWebAuthnPolicy":{"properties":{"acceptableAaguids":{"type":"array","items":{"type":"string"}},"attestationConveyancePreference":{"type":"string","description":"Either none, indirect or direct\n"},"authenticatorAttachment":{"type":"string","description":"Either platform or cross-platform\n"},"avoidSameAuthenticatorRegister":{"type":"boolean"},"createTimeout":{"type":"integer"},"extraOrigins":{"type":"array","items":{"type":"string"}},"relyingPartyEntityName":{"type":"string"},"relyingPartyId":{"type":"string"},"requireResidentKey":{"type":"string","description":"Either Yes or No\n"},"signatureAlgorithms":{"type":"array","items":{"type":"string"},"description":"Keycloak lists ES256, ES384, ES512, RS256, ES384, ES512 at the time of writing\n"},"userVerificationRequirement":{"type":"string","description":"Either required, preferred or discouraged\n"}},"type":"object","required":["acceptableAaguids","attestationConveyancePreference","authenticatorAttachment","avoidSameAuthenticatorRegister","createTimeout","extraOrigins","relyingPartyEntityName","relyingPartyId","requireResidentKey","signatureAlgorithms","userVerificationRequirement"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:ldap/UserFederationCache:UserFederationCache":{"properties":{"evictionDay":{"type":"integer","description":"Day of the week the entry will become invalid on\n"},"evictionHour":{"type":"integer","description":"Hour of day the entry will become invalid on.\n"},"evictionMinute":{"type":"integer","description":"Minute of day the entry will become invalid on.\n"},"maxLifespan":{"type":"string","description":"Max lifespan of cache entry (duration string).\n"},"policy":{"type":"string","description":"Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n"}},"type":"object"},"keycloak:ldap/UserFederationKerberos:UserFederationKerberos":{"properties":{"kerberosRealm":{"type":"string","description":"The name of the kerberos realm, e.g. FOO.LOCAL.\n"},"keyTab":{"type":"string","description":"Path to the kerberos keytab file on the server with credentials of the service principal.\n"},"serverPrincipal":{"type":"string","description":"The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.\n"},"useKerberosForPasswordAuthentication":{"type":"boolean","description":"Use kerberos login module instead of ldap service api. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object","required":["kerberosRealm","keyTab","serverPrincipal"]},"keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides":{"properties":{"browserId":{"type":"string","description":"Browser flow id, (flow needs to exist)\n"},"directGrantId":{"type":"string","description":"Direct grant flow id (flow needs to exist)\n"}},"type":"object"},"keycloak:openid/ClientAuthorization:ClientAuthorization":{"properties":{"allowRemoteResourceManagement":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, resources can be managed remotely by the resource server. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"decisionStrategy":{"type":"string","description":"Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions.\n"},"keepDefaults":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, defaults set by Keycloak will be respected. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"policyEnforcementMode":{"type":"string","description":"Dictates how policies are enforced when evaluating authorization requests. Can be one of `ENFORCING`, `PERMISSIVE`, or `DISABLED`.\n"}},"type":"object","required":["policyEnforcementMode"]},"keycloak:openid/ClientAuthorizationClientScopePolicyScope:ClientAuthorizationClientScopePolicyScope":{"properties":{"id":{"type":"string"},"required":{"type":"boolean"}},"type":"object","required":["id"]},"keycloak:openid/ClientGroupPolicyGroup:ClientGroupPolicyGroup":{"properties":{"extendChildren":{"type":"boolean"},"id":{"type":"string"},"path":{"type":"string"}},"type":"object","required":["extendChildren","id","path"]},"keycloak:openid/ClientPermissionsConfigureScope:ClientPermissionsConfigureScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsManageScope:ClientPermissionsManageScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsMapRolesClientScopeScope:ClientPermissionsMapRolesClientScopeScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsMapRolesCompositeScope:ClientPermissionsMapRolesCompositeScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsMapRolesScope:ClientPermissionsMapRolesScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsTokenExchangeScope:ClientPermissionsTokenExchangeScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientPermissionsViewScope:ClientPermissionsViewScope":{"properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}}},"type":"object"},"keycloak:openid/ClientRolePolicyRole:ClientRolePolicyRole":{"properties":{"id":{"type":"string"},"required":{"type":"boolean"}},"type":"object","required":["id","required"]},"keycloak:openid/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride":{"properties":{"browserId":{"type":"string"},"directGrantId":{"type":"string"}},"type":"object","required":["browserId","directGrantId"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:openid/getClientAuthorization:getClientAuthorization":{"properties":{"allowRemoteResourceManagement":{"type":"boolean"},"decisionStrategy":{"type":"string"},"keepDefaults":{"type":"boolean"},"policyEnforcementMode":{"type":"string"}},"type":"object","required":["allowRemoteResourceManagement","decisionStrategy","keepDefaults","policyEnforcementMode"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:openid/getClientServiceAccountUserFederatedIdentity:getClientServiceAccountUserFederatedIdentity":{"properties":{"identityProvider":{"type":"string"},"userId":{"type":"string"},"userName":{"type":"string"}},"type":"object","required":["identityProvider","userId","userName"],"language":{"nodejs":{"requiredInputs":[]}}},"keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides":{"properties":{"browserId":{"type":"string","description":"Browser flow id, (flow needs to exist)\n"},"directGrantId":{"type":"string","description":"Direct grant flow id (flow needs to exist)\n"}},"type":"object"},"keycloak:saml/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride":{"properties":{"browserId":{"type":"string"},"directGrantId":{"type":"string"}},"type":"object","required":["browserId","directGrantId"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the keycloak package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"accessToken":{"type":"string"},"additionalHeaders":{"type":"object","additionalProperties":{"type":"string"}},"adminUrl":{"type":"string","description":"The admin URL of the Keycloak instance if different from the main URL, before `/auth`"},"basePath":{"type":"string"},"clientId":{"type":"string"},"clientSecret":{"type":"string"},"clientTimeout":{"type":"integer","description":"Timeout (in seconds) of the Keycloak client"},"initialLogin":{"type":"boolean","description":"Whether or not to login to Keycloak instance on provider initialization"},"jwtSigningAlg":{"type":"string","description":"The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256."},"jwtSigningKey":{"type":"string","description":"The PEM-formatted private key used to sign the JWT when client-jwt is used.","secret":true},"jwtToken":{"type":"string","description":"A signed JWT token used for client authentication.","secret":true},"jwtTokenFile":{"type":"string","description":"A path to a file containing a signed JWT token used for client authentication."},"password":{"type":"string"},"realm":{"type":"string"},"redHatSso":{"type":"boolean","description":"When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint."},"rootCaCertificate":{"type":"string","description":"Allows x509 calls using an unknown CA certificate (for development purposes)"},"tlsClientCertificate":{"type":"string","description":"TLS client certificate as PEM string for mutual authentication"},"tlsClientPrivateKey":{"type":"string","description":"TLS client private key as PEM string for mutual authentication"},"tlsInsecureSkipVerify":{"type":"boolean","description":"Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided."},"url":{"type":"string","description":"The base URL of the Keycloak instance, before `/auth`"},"username":{"type":"string"}},"inputProperties":{"accessToken":{"type":"string"},"additionalHeaders":{"type":"object","additionalProperties":{"type":"string"}},"adminUrl":{"type":"string","description":"The admin URL of the Keycloak instance if different from the main URL, before `/auth`"},"basePath":{"type":"string"},"clientId":{"type":"string"},"clientSecret":{"type":"string"},"clientTimeout":{"type":"integer","description":"Timeout (in seconds) of the Keycloak client","default":5,"defaultInfo":{"environment":["KEYCLOAK_CLIENT_TIMEOUT"]}},"initialLogin":{"type":"boolean","description":"Whether or not to login to Keycloak instance on provider initialization"},"jwtSigningAlg":{"type":"string","description":"The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256."},"jwtSigningKey":{"type":"string","description":"The PEM-formatted private key used to sign the JWT when client-jwt is used.","secret":true},"jwtToken":{"type":"string","description":"A signed JWT token used for client authentication.","secret":true},"jwtTokenFile":{"type":"string","description":"A path to a file containing a signed JWT token used for client authentication."},"password":{"type":"string"},"realm":{"type":"string"},"redHatSso":{"type":"boolean","description":"When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint."},"rootCaCertificate":{"type":"string","description":"Allows x509 calls using an unknown CA certificate (for development purposes)"},"tlsClientCertificate":{"type":"string","description":"TLS client certificate as PEM string for mutual authentication"},"tlsClientPrivateKey":{"type":"string","description":"TLS client private key as PEM string for mutual authentication"},"tlsInsecureSkipVerify":{"type":"boolean","description":"Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided."},"url":{"type":"string","description":"The base URL of the Keycloak instance, before `/auth`"},"username":{"type":"string"}},"methods":{"terraformConfig":"pulumi:providers:keycloak/terraformConfig"}},"resources":{"keycloak:authentication/bindings:Bindings":{"description":"Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as \u003cspan pulumi-lang-nodejs=\"`registration`\" pulumi-lang-dotnet=\"`Registration`\" pulumi-lang-go=\"`registration`\" pulumi-lang-python=\"`registration`\" pulumi-lang-yaml=\"`registration`\" pulumi-lang-java=\"`registration`\"\u003e`registration`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`browser`\" pulumi-lang-dotnet=\"`Browser`\" pulumi-lang-go=\"`browser`\" pulumi-lang-python=\"`browser`\" pulumi-lang-yaml=\"`browser`\" pulumi-lang-java=\"`browser`\"\u003e`browser`\u003c/span\u003e. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by \u003cspan pulumi-lang-nodejs=\"`keycloak.authentication.Flow`\" pulumi-lang-dotnet=\"`keycloak.authentication.Flow`\" pulumi-lang-go=\"`authentication.Flow`\" pulumi-lang-python=\"`authentication.Flow`\" pulumi-lang-yaml=\"`keycloak.authentication.Flow`\" pulumi-lang-java=\"`keycloak.authentication.Flow`\"\u003e`keycloak.authentication.Flow`\u003c/span\u003e.\n\nNote that you can also use the \u003cspan pulumi-lang-nodejs=\"`keycloak.Realm`\" pulumi-lang-dotnet=\"`keycloak.Realm`\" pulumi-lang-go=\"`Realm`\" pulumi-lang-python=\"`Realm`\" pulumi-lang-yaml=\"`keycloak.Realm`\" pulumi-lang-java=\"`keycloak.Realm`\"\u003e`keycloak.Realm`\u003c/span\u003e resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the \u003cspan pulumi-lang-nodejs=\"`keycloak.Realm`\" pulumi-lang-dotnet=\"`keycloak.Realm`\" pulumi-lang-go=\"`Realm`\" pulumi-lang-python=\"`Realm`\" pulumi-lang-yaml=\"`keycloak.Realm`\" pulumi-lang-java=\"`keycloak.Realm`\"\u003e`keycloak.Realm`\u003c/span\u003e resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browser_authentication_binding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts = pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browser_authentication_binding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne,\n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browser_authentication_binding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browser_authentication_binding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder()\n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependsOn:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n name: browser_authentication_binding\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","properties":{"browserFlow":{"type":"string","description":"The alias of the flow to assign to the realm BrowserFlow.\n"},"clientAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm ClientAuthenticationFlow.\n"},"directGrantFlow":{"type":"string","description":"The alias of the flow to assign to the realm DirectGrantFlow.\n"},"dockerAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm DockerAuthenticationFlow.\n"},"firstBrokerLoginFlow":{"type":"string","description":"The alias of the flow to assign to the realm FirstBrokerLoginFlow (since Keycloak 24).\n"},"realmId":{"type":"string","description":"The realm the authentication flow binding exists in.\n"},"registrationFlow":{"type":"string","description":"The alias of the flow to assign to the realm RegistrationFlow.\n"},"resetCredentialsFlow":{"type":"string","description":"The alias of the flow to assign to the realm ResetCredentialsFlow.\n"}},"required":["browserFlow","clientAuthenticationFlow","directGrantFlow","dockerAuthenticationFlow","firstBrokerLoginFlow","realmId","registrationFlow","resetCredentialsFlow"],"inputProperties":{"browserFlow":{"type":"string","description":"The alias of the flow to assign to the realm BrowserFlow.\n"},"clientAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm ClientAuthenticationFlow.\n"},"directGrantFlow":{"type":"string","description":"The alias of the flow to assign to the realm DirectGrantFlow.\n"},"dockerAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm DockerAuthenticationFlow.\n"},"firstBrokerLoginFlow":{"type":"string","description":"The alias of the flow to assign to the realm FirstBrokerLoginFlow (since Keycloak 24).\n"},"realmId":{"type":"string","description":"The realm the authentication flow binding exists in.\n","willReplaceOnChanges":true},"registrationFlow":{"type":"string","description":"The alias of the flow to assign to the realm RegistrationFlow.\n"},"resetCredentialsFlow":{"type":"string","description":"The alias of the flow to assign to the realm ResetCredentialsFlow.\n"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Bindings resources.\n","properties":{"browserFlow":{"type":"string","description":"The alias of the flow to assign to the realm BrowserFlow.\n"},"clientAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm ClientAuthenticationFlow.\n"},"directGrantFlow":{"type":"string","description":"The alias of the flow to assign to the realm DirectGrantFlow.\n"},"dockerAuthenticationFlow":{"type":"string","description":"The alias of the flow to assign to the realm DockerAuthenticationFlow.\n"},"firstBrokerLoginFlow":{"type":"string","description":"The alias of the flow to assign to the realm FirstBrokerLoginFlow (since Keycloak 24).\n"},"realmId":{"type":"string","description":"The realm the authentication flow binding exists in.\n","willReplaceOnChanges":true},"registrationFlow":{"type":"string","description":"The alias of the flow to assign to the realm RegistrationFlow.\n"},"resetCredentialsFlow":{"type":"string","description":"The alias of the flow to assign to the realm ResetCredentialsFlow.\n"}},"type":"object"}},"keycloak:authentication/execution:Execution":{"description":"Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Following limitation affects Keycloak \u003c 25: Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using \u003cspan pulumi-lang-nodejs=\"`dependsOn`\" pulumi-lang-dotnet=\"`DependsOn`\" pulumi-lang-go=\"`dependsOn`\" pulumi-lang-python=\"`depends_on`\" pulumi-lang-yaml=\"`dependsOn`\" pulumi-lang-java=\"`dependsOn`\"\u003e`depends_on`\u003c/span\u003e. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n priority: 10,\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n priority: 20,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\",\n priority=10)\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n priority=20)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n Priority = 10,\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n Priority = 20,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(20),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .priority(10)\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .priority(20)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n priority: 10\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n priority: 20\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_authentication_execution.execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n","properties":{"authenticator":{"type":"string","description":"The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools.\n"},"parentFlowAlias":{"type":"string","description":"The alias of the flow this execution is attached to.\n"},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n"},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`.\n"}},"required":["authenticator","parentFlowAlias","realmId"],"inputProperties":{"authenticator":{"type":"string","description":"The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools.\n","willReplaceOnChanges":true},"parentFlowAlias":{"type":"string","description":"The alias of the flow this execution is attached to.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n","willReplaceOnChanges":true},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`.\n"}},"requiredInputs":["authenticator","parentFlowAlias","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Execution resources.\n","properties":{"authenticator":{"type":"string","description":"The name of the authenticator. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools.\n","willReplaceOnChanges":true},"parentFlowAlias":{"type":"string","description":"The alias of the flow this execution is attached to.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n","willReplaceOnChanges":true},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`. Defaults to `DISABLED`.\n"}},"type":"object"}},"keycloak:authentication/executionConfig:ExecutionConfig":{"description":"Allows for managing an authentication execution's configuration. If a particular authentication execution supports additional\nconfiguration (such as with the `identity-provider-redirector` execution), this can be managed with this resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n});\nconst config = new keycloak.authentication.ExecutionConfig(\"config\", {\n realmId: realm.id,\n executionId: execution.id,\n alias: \"my-config-alias\",\n config: {\n defaultProvider: \"my-config-default-idp\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\")\nconfig = keycloak.authentication.ExecutionConfig(\"config\",\n realm_id=realm.id,\n execution_id=execution.id,\n alias=\"my-config-alias\",\n config={\n \"defaultProvider\": \"my-config-default-idp\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n });\n\n var config = new Keycloak.Authentication.ExecutionConfig(\"config\", new()\n {\n RealmId = realm.Id,\n ExecutionId = execution.Id,\n Alias = \"my-config-alias\",\n Config = \n {\n { \"defaultProvider\", \"my-config-default-idp\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texecution, err := authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecutionConfig(ctx, \"config\", \u0026authentication.ExecutionConfigArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tExecutionId: execution.ID(),\n\t\t\tAlias: pulumi.String(\"my-config-alias\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"defaultProvider\": pulumi.String(\"my-config-default-idp\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.ExecutionConfig;\nimport com.pulumi.keycloak.authentication.ExecutionConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .build());\n\n var config = new ExecutionConfig(\"config\", ExecutionConfigArgs.builder()\n .realmId(realm.id())\n .executionId(execution.id())\n .alias(\"my-config-alias\")\n .config(Map.of(\"defaultProvider\", \"my-config-default-idp\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n config:\n type: keycloak:authentication:ExecutionConfig\n properties:\n realmId: ${realm.id}\n executionId: ${execution.id}\n alias: my-config-alias\n config:\n defaultProvider: my-config-default-idp\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfigurations can be imported using the format `{{realm}}/{{authenticationExecutionId}}/{{authenticationExecutionConfigId}}`.\nIf the `authenticationExecutionId` is incorrect, the import will still be successful.\nA subsequent apply will change the `authenticationExecutionId` to the correct one, which causes the configuration to be replaced.\n\nExample:\n\n```bash\n$ terraform import keycloak_authentication_execution_config.config my-realm/be081463-ddbf-4b42-9eff-9c97886f24ff/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n","properties":{"alias":{"type":"string","description":"The name of the configuration.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable authentication execution and not checked when applying.\n"},"executionId":{"type":"string","description":"The authentication execution this configuration is attached to.\n"},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n"}},"required":["alias","config","executionId","realmId"],"inputProperties":{"alias":{"type":"string","description":"The name of the configuration.\n","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable authentication execution and not checked when applying.\n"},"executionId":{"type":"string","description":"The authentication execution this configuration is attached to.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["config","executionId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ExecutionConfig resources.\n","properties":{"alias":{"type":"string","description":"The name of the configuration.\n","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable authentication execution and not checked when applying.\n"},"executionId":{"type":"string","description":"The authentication execution this configuration is attached to.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:authentication/flow:Flow":{"description":"Allows for creating and managing an authentication flow within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst execution = new keycloak.authentication.Execution(\"execution\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"REQUIRED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nexecution = keycloak.authentication.Execution(\"execution\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"REQUIRED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var execution = new Keycloak.Authentication.Execution(\"execution\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"REQUIRED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewExecution(ctx, \"execution\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"REQUIRED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var execution = new Execution(\"execution\", ExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"REQUIRED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n execution:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: REQUIRED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{authenticationFlowId}}`. The authentication flow ID is\ntypically a GUID which is autogenerated when the flow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication flow ID from the UI. The best way to do this is to visit the\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to `/auth/admin/realms/${realm}/authentication/flows`,\nwhich will be a list of authentication flows.\n\nExample:\n\n```bash\n$ terraform import keycloak_authentication_flow.flow my-realm/e9a5641e-778c-4daf-89c0-f4ef617987d1\n```\n\n","properties":{"alias":{"type":"string","description":"The alias for this authentication flow.\n"},"description":{"type":"string","description":"A description for the authentication flow.\n"},"providerId":{"type":"string","description":"The type of authentication flow to create. Valid choices include `basic-flow` and `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication flow exists in.\n"}},"required":["alias","realmId"],"inputProperties":{"alias":{"type":"string","description":"The alias for this authentication flow.\n"},"description":{"type":"string","description":"A description for the authentication flow.\n"},"providerId":{"type":"string","description":"The type of authentication flow to create. Valid choices include `basic-flow` and `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication flow exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Flow resources.\n","properties":{"alias":{"type":"string","description":"The alias for this authentication flow.\n"},"description":{"type":"string","description":"A description for the authentication flow.\n"},"providerId":{"type":"string","description":"The type of authentication flow to create. Valid choices include `basic-flow` and `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication flow exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:authentication/subflow:Subflow":{"description":"Allows for creating and managing an authentication subflow within Keycloak.\n\nLike authentication flows, authentication subflows are containers for authentication executions.\nAs its name implies, an authentication subflow is contained in an authentication flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\nconst subflow = new keycloak.authentication.Subflow(\"subflow\", {\n realmId: realm.id,\n alias: \"my-subflow-alias\",\n parentFlowAlias: flow.alias,\n providerId: \"basic-flow\",\n requirement: \"ALTERNATIVE\",\n priority: 10,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\nsubflow = keycloak.authentication.Subflow(\"subflow\",\n realm_id=realm.id,\n alias=\"my-subflow-alias\",\n parent_flow_alias=flow.alias,\n provider_id=\"basic-flow\",\n requirement=\"ALTERNATIVE\",\n priority=10)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n var subflow = new Keycloak.Authentication.Subflow(\"subflow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-subflow-alias\",\n ParentFlowAlias = flow.Alias,\n ProviderId = \"basic-flow\",\n Requirement = \"ALTERNATIVE\",\n Priority = 10,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-subflow-alias\"),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t\tPriority: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n var subflow = new Subflow(\"subflow\", SubflowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-subflow-alias\")\n .parentFlowAlias(flow.alias())\n .providerId(\"basic-flow\")\n .requirement(\"ALTERNATIVE\")\n .priority(10)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n subflow:\n type: keycloak:authentication:Subflow\n properties:\n realmId: ${realm.id}\n alias: my-subflow-alias\n parentFlowAlias: ${flow.alias}\n providerId: basic-flow\n requirement: ALTERNATIVE\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication flows can be imported using the format `{{realmId}}/{{parentFlowAlias}}/{{authenticationSubflowId}}`.\nThe authentication subflow ID is typically a GUID which is autogenerated when the subflow is created via Keycloak.\n\nUnfortunately, it is not trivial to retrieve the authentication subflow ID from the UI. The best way to do this is to visit the\n\"Authentication\" page in Keycloak, and use the network tab of your browser to view the response of the API call to\n`/auth/admin/realms/${realm}/authentication/flows/{flow}/executions`, which will be a list of executions, where the subflow will be.\n__The subflow ID is contained in the `flowID` field__ (not, as one could guess, the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e field).\n\nExample:\n\n```bash\n$ terraform import keycloak_authentication_subflow.subflow my-realm/\"Parent Flow\"/3bad1172-bb5c-4a77-9615-c2606eb03081\n```\n\n","properties":{"alias":{"type":"string","description":"The alias for this authentication subflow.\n"},"authenticator":{"type":"string","description":"The name of the authenticator. Might be needed to be set with certain custom subflows with specific\nauthenticators. In general this will remain empty.\n"},"description":{"type":"string","description":"A description for the authentication subflow.\n"},"parentFlowAlias":{"type":"string","description":"The alias for the parent authentication flow.\n"},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"providerId":{"type":"string","description":"The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication subflow exists in.\n"},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`,\nor `DISABLED`. Defaults to `DISABLED`.\n"}},"required":["alias","parentFlowAlias","realmId"],"inputProperties":{"alias":{"type":"string","description":"The alias for this authentication subflow.\n"},"authenticator":{"type":"string","description":"The name of the authenticator. Might be needed to be set with certain custom subflows with specific\nauthenticators. In general this will remain empty.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"A description for the authentication subflow.\n"},"parentFlowAlias":{"type":"string","description":"The alias for the parent authentication flow.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"providerId":{"type":"string","description":"The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication subflow exists in.\n","willReplaceOnChanges":true},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`,\nor `DISABLED`. Defaults to `DISABLED`.\n"}},"requiredInputs":["parentFlowAlias","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Subflow resources.\n","properties":{"alias":{"type":"string","description":"The alias for this authentication subflow.\n"},"authenticator":{"type":"string","description":"The name of the authenticator. Might be needed to be set with certain custom subflows with specific\nauthenticators. In general this will remain empty.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"A description for the authentication subflow.\n"},"parentFlowAlias":{"type":"string","description":"The alias for the parent authentication flow.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak \u003e= 25).\n"},"providerId":{"type":"string","description":"The type of authentication subflow to create. Valid choices include `basic-flow`, `form-flow`\nand `client-flow`. Defaults to `basic-flow`.\n"},"realmId":{"type":"string","description":"The realm that the authentication subflow exists in.\n","willReplaceOnChanges":true},"requirement":{"type":"string","description":"The requirement setting, which can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`,\nor `DISABLED`. Defaults to `DISABLED`.\n"}},"type":"object"}},"keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper":{"description":"Allows for creating and managing an attribute importer identity provider mapper within Keycloak.\n\nThe attribute importer mapper can be used to map attributes from externally defined users to attributes or properties of the imported Keycloak user:\n- For the OIDC identity provider, this will map a claim on the ID or access token to an attribute for the imported Keycloak user.\n- For the SAML identity provider, this will map a SAML attribute found within the assertion to an attribute for the imported Keycloak user.\n- For social identity providers, this will map a JSON field from the user profile to an attribute for the imported Keycloak user.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcAttributeImporterIdentityProviderMapper = new keycloak.AttributeImporterIdentityProviderMapper(\"oidc\", {\n realm: realm.id,\n name: \"email-attribute-importer\",\n claimName: \"my-email-claim\",\n identityProviderAlias: oidc.alias,\n userAttribute: \"email\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_attribute_importer_identity_provider_mapper = keycloak.AttributeImporterIdentityProviderMapper(\"oidc\",\n realm=realm.id,\n name=\"email-attribute-importer\",\n claim_name=\"my-email-claim\",\n identity_provider_alias=oidc.alias,\n user_attribute=\"email\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcAttributeImporterIdentityProviderMapper = new Keycloak.AttributeImporterIdentityProviderMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"email-attribute-importer\",\n ClaimName = \"my-email-claim\",\n IdentityProviderAlias = oidc.Alias,\n UserAttribute = \"email\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeImporterIdentityProviderMapper(ctx, \"oidc\", \u0026keycloak.AttributeImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"email-attribute-importer\"),\n\t\t\tClaimName: pulumi.String(\"my-email-claim\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tUserAttribute: pulumi.String(\"email\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcAttributeImporterIdentityProviderMapper = new AttributeImporterIdentityProviderMapper(\"oidcAttributeImporterIdentityProviderMapper\", AttributeImporterIdentityProviderMapperArgs.builder()\n .realm(realm.id())\n .name(\"email-attribute-importer\")\n .claimName(\"my-email-claim\")\n .identityProviderAlias(oidc.alias())\n .userAttribute(\"email\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcAttributeImporterIdentityProviderMapper:\n type: keycloak:AttributeImporterIdentityProviderMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: email-attribute-importer\n claimName: my-email-claim\n identityProviderAlias: ${oidc.alias}\n userAttribute: email\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias, and \u003cspan pulumi-lang-nodejs=\"`idpMapperId`\" pulumi-lang-dotnet=\"`IdpMapperId`\" pulumi-lang-go=\"`idpMapperId`\" pulumi-lang-python=\"`idp_mapper_id`\" pulumi-lang-yaml=\"`idpMapperId`\" pulumi-lang-java=\"`idpMapperId`\"\u003e`idp_mapper_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_attribute_importer_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n","properties":{"attributeFriendlyName":{"type":"string","description":"For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeFriendlyName`\" pulumi-lang-dotnet=\"`AttributeFriendlyName`\" pulumi-lang-go=\"`attributeFriendlyName`\" pulumi-lang-python=\"`attribute_friendly_name`\" pulumi-lang-yaml=\"`attributeFriendlyName`\" pulumi-lang-java=\"`attributeFriendlyName`\"\u003e`attribute_friendly_name`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"For OIDC based providers, this is the name of the claim to use.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n"},"name":{"type":"string","description":"The name of the mapper.\n"},"realm":{"type":"string","description":"The name of the realm.\n"},"userAttribute":{"type":"string","description":"The user attribute or property name to store the mapped result.\n"}},"required":["identityProviderAlias","name","realm","userAttribute"],"inputProperties":{"attributeFriendlyName":{"type":"string","description":"For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeFriendlyName`\" pulumi-lang-dotnet=\"`AttributeFriendlyName`\" pulumi-lang-go=\"`attributeFriendlyName`\" pulumi-lang-python=\"`attribute_friendly_name`\" pulumi-lang-yaml=\"`attributeFriendlyName`\" pulumi-lang-java=\"`attributeFriendlyName`\"\u003e`attribute_friendly_name`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"For OIDC based providers, this is the name of the claim to use.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"userAttribute":{"type":"string","description":"The user attribute or property name to store the mapped result.\n"}},"requiredInputs":["identityProviderAlias","realm","userAttribute"],"stateInputs":{"description":"Input properties used for looking up and filtering AttributeImporterIdentityProviderMapper resources.\n","properties":{"attributeFriendlyName":{"type":"string","description":"For SAML based providers, this is the friendly name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"For SAML based providers, this is the name of the attribute to search for in the assertion. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeFriendlyName`\" pulumi-lang-dotnet=\"`AttributeFriendlyName`\" pulumi-lang-go=\"`attributeFriendlyName`\" pulumi-lang-python=\"`attribute_friendly_name`\" pulumi-lang-yaml=\"`attributeFriendlyName`\" pulumi-lang-java=\"`attributeFriendlyName`\"\u003e`attribute_friendly_name`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"For OIDC based providers, this is the name of the claim to use.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"userAttribute":{"type":"string","description":"The user attribute or property name to store the mapped result.\n"}},"type":"object"}},"keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper":{"description":"Allows for creating and managing an attribute to role identity provider mapper within Keycloak.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper(\"oidc\", {\n realm: realm.id,\n name: \"role-attribute\",\n identityProviderAlias: oidc.alias,\n role: \"my-realm-role\",\n claimName: \"my-claim\",\n claimValue: \"my-value\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\noidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper(\"oidc\",\n realm=realm.id,\n name=\"role-attribute\",\n identity_provider_alias=oidc.alias,\n role=\"my-realm-role\",\n claim_name=\"my-claim\",\n claim_value=\"my-value\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"role-attribute\",\n IdentityProviderAlias = oidc.Alias,\n Role = \"my-realm-role\",\n ClaimName = \"my-claim\",\n ClaimValue = \"my-value\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, \"oidc\", \u0026keycloak.AttributeToRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"role-attribute\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tClaimName: pulumi.String(\"my-claim\"),\n\t\t\tClaimValue: pulumi.String(\"my-value\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapper;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", AttributeToRoleIdentityMapperArgs.builder()\n .realm(realm.id())\n .name(\"role-attribute\")\n .identityProviderAlias(oidc.alias())\n .role(\"my-realm-role\")\n .claimName(\"my-claim\")\n .claimValue(\"my-value\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n oidcAttributeToRoleIdentityMapper:\n type: keycloak:AttributeToRoleIdentityMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: role-attribute\n identityProviderAlias: ${oidc.alias}\n role: my-realm-role\n claimName: my-claim\n claimValue: my-value\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias, and \u003cspan pulumi-lang-nodejs=\"`idpMapperId`\" pulumi-lang-dotnet=\"`IdpMapperId`\" pulumi-lang-go=\"`idpMapperId`\" pulumi-lang-python=\"`idp_mapper_id`\" pulumi-lang-yaml=\"`idpMapperId`\" pulumi-lang-java=\"`idpMapperId`\"\u003e`idp_mapper_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_attribute_to_role_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n","properties":{"attributeFriendlyName":{"type":"string","description":"Attribute Friendly Name. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"Attribute Name.\n"},"attributeValue":{"type":"string","description":"Attribute Value.\n"},"claimName":{"type":"string","description":"OIDC Claim Name\n"},"claimValue":{"type":"string","description":"OIDC Claim Value\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n"},"name":{"type":"string","description":"The name of the mapper.\n"},"realm":{"type":"string","description":"The name of the realm.\n"},"role":{"type":"string","description":"Role Name.\n"}},"required":["identityProviderAlias","name","realm","role"],"inputProperties":{"attributeFriendlyName":{"type":"string","description":"Attribute Friendly Name. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"Attribute Name.\n"},"attributeValue":{"type":"string","description":"Attribute Value.\n"},"claimName":{"type":"string","description":"OIDC Claim Name\n"},"claimValue":{"type":"string","description":"OIDC Claim Value\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"Role Name.\n"}},"requiredInputs":["identityProviderAlias","realm","role"],"stateInputs":{"description":"Input properties used for looking up and filtering AttributeToRoleIdentityMapper resources.\n","properties":{"attributeFriendlyName":{"type":"string","description":"Attribute Friendly Name. Conflicts with \u003cspan pulumi-lang-nodejs=\"`attributeName`\" pulumi-lang-dotnet=\"`AttributeName`\" pulumi-lang-go=\"`attributeName`\" pulumi-lang-python=\"`attribute_name`\" pulumi-lang-yaml=\"`attributeName`\" pulumi-lang-java=\"`attributeName`\"\u003e`attribute_name`\u003c/span\u003e.\n"},"attributeName":{"type":"string","description":"Attribute Name.\n"},"attributeValue":{"type":"string","description":"Attribute Value.\n"},"claimName":{"type":"string","description":"OIDC Claim Name\n"},"claimValue":{"type":"string","description":"OIDC Claim Value\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"Role Name.\n"}},"type":"object"}},"keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping":{"description":"Allows for creating and managing custom identity provider mapper within Keycloak.\n\nThe custom identity provider mapper can be used to define custom mapper type for the imported Keycloak user. This can be\nuseful for extending an existing Keycloak mapper with additional config that is not supported by this provider, or when\nconfiguring a custom identity provider mapper via Terraform.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping(\"oidc\", {\n realm: realm.id,\n name: \"email-attribute-importer\",\n identityProviderAlias: oidc.alias,\n identityProviderMapper: \"%s-user-attribute-idp-mapper\",\n extraConfig: {\n syncMode: \"INHERIT\",\n Claim: \"my-email-claim\",\n UserAttribute: \"email\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping(\"oidc\",\n realm=realm.id,\n name=\"email-attribute-importer\",\n identity_provider_alias=oidc.alias,\n identity_provider_mapper=\"%s-user-attribute-idp-mapper\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n \"Claim\": \"my-email-claim\",\n \"UserAttribute\": \"email\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"email-attribute-importer\",\n IdentityProviderAlias = oidc.Alias,\n IdentityProviderMapper = \"%s-user-attribute-idp-mapper\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n { \"Claim\", \"my-email-claim\" },\n { \"UserAttribute\", \"email\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomIdentityProviderMapping(ctx, \"oidc\", \u0026keycloak.CustomIdentityProviderMappingArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"email-attribute-importer\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tIdentityProviderMapper: pulumi.String(\"%s-user-attribute-idp-mapper\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t\t\"Claim\": pulumi.String(\"my-email-claim\"),\n\t\t\t\t\"UserAttribute\": pulumi.String(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.CustomIdentityProviderMapping;\nimport com.pulumi.keycloak.CustomIdentityProviderMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", CustomIdentityProviderMappingArgs.builder()\n .realm(realm.id())\n .name(\"email-attribute-importer\")\n .identityProviderAlias(oidc.alias())\n .identityProviderMapper(\"%s-user-attribute-idp-mapper\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"syncMode\", \"INHERIT\"),\n Map.entry(\"Claim\", \"my-email-claim\"),\n Map.entry(\"UserAttribute\", \"email\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcCustomIdentityProviderMapping:\n type: keycloak:CustomIdentityProviderMapping\n name: oidc\n properties:\n realm: ${realm.id}\n name: email-attribute-importer\n identityProviderAlias: ${oidc.alias}\n identityProviderMapper: '%s-user-attribute-idp-mapper'\n extraConfig:\n syncMode: INHERIT\n Claim: my-email-claim\n UserAttribute: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias, and \u003cspan pulumi-lang-nodejs=\"`idpMapperId`\" pulumi-lang-dotnet=\"`IdpMapperId`\" pulumi-lang-go=\"`idpMapperId`\" pulumi-lang-python=\"`idp_mapper_id`\" pulumi-lang-yaml=\"`idpMapperId`\" pulumi-lang-java=\"`idpMapperId`\"\u003e`idp_mapper_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_custom_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n"},"identityProviderMapper":{"type":"string","description":"The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n"},"name":{"type":"string","description":"The name of the mapper.\n"},"realm":{"type":"string","description":"The name of the realm.\n"}},"required":["identityProviderAlias","identityProviderMapper","name","realm"],"inputProperties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"identityProviderMapper":{"type":"string","description":"The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n"},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true}},"requiredInputs":["identityProviderAlias","identityProviderMapper","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering CustomIdentityProviderMapping resources.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"identityProviderMapper":{"type":"string","description":"The type of the identity provider mapper. This can be a format string that includes a `%s` - this will be replaced by the provider id.\n"},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/customUserFederation:CustomUserFederation":{"description":"Allows for creating and managing custom user federation providers within Keycloak.\n\nA custom user federation provider is an implementation of Keycloak's [User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).\nAn example of this implementation can be found here.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst customUserFederation = new keycloak.CustomUserFederation(\"custom_user_federation\", {\n name: \"custom\",\n realmId: realm.id,\n providerId: \"custom\",\n enabled: true,\n config: {\n dummyString: \"foobar\",\n dummyBool: \"true\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\ncustom_user_federation = keycloak.CustomUserFederation(\"custom_user_federation\",\n name=\"custom\",\n realm_id=realm.id,\n provider_id=\"custom\",\n enabled=True,\n config={\n \"dummyString\": \"foobar\",\n \"dummyBool\": \"true\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var customUserFederation = new Keycloak.CustomUserFederation(\"custom_user_federation\", new()\n {\n Name = \"custom\",\n RealmId = realm.Id,\n ProviderId = \"custom\",\n Enabled = true,\n Config = \n {\n { \"dummyString\", \"foobar\" },\n { \"dummyBool\", \"true\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomUserFederation(ctx, \"custom_user_federation\", \u0026keycloak.CustomUserFederationArgs{\n\t\t\tName: pulumi.String(\"custom\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tProviderId: pulumi.String(\"custom\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"dummyString\": pulumi.String(\"foobar\"),\n\t\t\t\t\"dummyBool\": pulumi.String(\"true\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.CustomUserFederation;\nimport com.pulumi.keycloak.CustomUserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"test\")\n .enabled(true)\n .build());\n\n var customUserFederation = new CustomUserFederation(\"customUserFederation\", CustomUserFederationArgs.builder()\n .name(\"custom\")\n .realmId(realm.id())\n .providerId(\"custom\")\n .enabled(true)\n .config(Map.ofEntries(\n Map.entry(\"dummyString\", \"foobar\"),\n Map.entry(\"dummyBool\", \"true\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n customUserFederation:\n type: keycloak:CustomUserFederation\n name: custom_user_federation\n properties:\n name: custom\n realmId: ${realm.id}\n providerId: custom\n enabled: true\n config:\n dummyString: foobar\n dummyBool: true\n multivalue: value1##value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCustom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`.\nThe ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_custom_user_federation.custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n\n","properties":{"cachePolicy":{"type":"string","description":"Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"parentId":{"type":"string","description":"Must be set to the realms' \u003cspan pulumi-lang-nodejs=\"`internalId`\" pulumi-lang-dotnet=\"`InternalId`\" pulumi-lang-go=\"`internalId`\" pulumi-lang-python=\"`internal_id`\" pulumi-lang-yaml=\"`internalId`\" pulumi-lang-java=\"`internalId`\"\u003e`internal_id`\u003c/span\u003e when it differs from the realm. This can happen when existing resources are imported into the state.\n"},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"providerId":{"type":"string","description":"The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n"},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n"}},"required":["name","parentId","providerId","realmId"],"inputProperties":{"cachePolicy":{"type":"string","description":"Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"parentId":{"type":"string","description":"Must be set to the realms' \u003cspan pulumi-lang-nodejs=\"`internalId`\" pulumi-lang-dotnet=\"`InternalId`\" pulumi-lang-go=\"`internalId`\" pulumi-lang-python=\"`internal_id`\" pulumi-lang-yaml=\"`internalId`\" pulumi-lang-java=\"`internalId`\"\u003e`internal_id`\u003c/span\u003e when it differs from the realm. This can happen when existing resources are imported into the state.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"providerId":{"type":"string","description":"The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n","willReplaceOnChanges":true}},"requiredInputs":["providerId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering CustomUserFederation resources.\n","properties":{"cachePolicy":{"type":"string","description":"Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed users, in seconds. Omit this property to disable periodic changed users sync.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The provider configuration handed over to your custom user federation provider. In order to add multivalued settings, use `##` to separate the values.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all users, in seconds. Omit this property to disable periodic full sync.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"parentId":{"type":"string","description":"Must be set to the realms' \u003cspan pulumi-lang-nodejs=\"`internalId`\" pulumi-lang-dotnet=\"`InternalId`\" pulumi-lang-go=\"`internalId`\" pulumi-lang-python=\"`internal_id`\" pulumi-lang-yaml=\"`internalId`\" pulumi-lang-java=\"`internalId`\"\u003e`internal_id`\u003c/span\u003e when it differs from the realm. This can happen when existing resources are imported into the state.\n","willReplaceOnChanges":true},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"providerId":{"type":"string","description":"The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/defaultGroups:DefaultGroups":{"description":"Allows for managing a realm's default groups.\n\n\u003e You should not use \u003cspan pulumi-lang-nodejs=\"`keycloak.DefaultGroups`\" pulumi-lang-dotnet=\"`keycloak.DefaultGroups`\" pulumi-lang-go=\"`DefaultGroups`\" pulumi-lang-python=\"`DefaultGroups`\" pulumi-lang-yaml=\"`keycloak.DefaultGroups`\" pulumi-lang-java=\"`keycloak.DefaultGroups`\"\u003e`keycloak.DefaultGroups`\u003c/span\u003e with a group whose members are managed by \u003cspan pulumi-lang-nodejs=\"`keycloak.GroupMemberships`\" pulumi-lang-dotnet=\"`keycloak.GroupMemberships`\" pulumi-lang-go=\"`GroupMemberships`\" pulumi-lang-python=\"`GroupMemberships`\" pulumi-lang-yaml=\"`keycloak.GroupMemberships`\" pulumi-lang-java=\"`keycloak.GroupMemberships`\"\u003e`keycloak.GroupMemberships`\u003c/span\u003e.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst _default = new keycloak.DefaultGroups(\"default\", {\n realmId: realm.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\ndefault = keycloak.DefaultGroups(\"default\",\n realm_id=realm.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var @default = new Keycloak.DefaultGroups(\"default\", new()\n {\n RealmId = realm.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultGroups(ctx, \"default\", \u0026keycloak.DefaultGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.DefaultGroups;\nimport com.pulumi.keycloak.DefaultGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var default_ = new DefaultGroups(\"default\", DefaultGroupsArgs.builder()\n .realmId(realm.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n default:\n type: keycloak:DefaultGroups\n properties:\n realmId: ${realm.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDefault groups can be imported using the format `{{realm_id}}` where \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e is the realm the group exists in.\n\nExample:\n\n```bash\n$ terraform import keycloak_default_groups.default my-realm\n```\n\n","properties":{"groupIds":{"type":"array","items":{"type":"string"},"description":"A set of group ids that should be default groups on the realm referenced by \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n"}},"required":["groupIds","realmId"],"inputProperties":{"groupIds":{"type":"array","items":{"type":"string"},"description":"A set of group ids that should be default groups on the realm referenced by \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["groupIds","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering DefaultGroups resources.\n","properties":{"groupIds":{"type":"array","items":{"type":"string"},"description":"A set of group ids that should be default groups on the realm referenced by \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/defaultRoles:DefaultRoles":{"description":"Allows managing default roles within Keycloak.\n\nNote: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"default_roles\", {\n realmId: realm.id,\n defaultRoles: [\"uma_authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"default_roles\",\n realm_id=realm.id,\n default_roles=[\"uma_authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"default_roles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"uma_authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"default_roles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"uma_authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder()\n .realmId(realm.id())\n .defaultRoles(\"uma_authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n name: default_roles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - uma_authorization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"default_roles\", {\n realmId: realm.id,\n defaultRoles: [\n \"account/manage-account\",\n \"account/view-groups\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"default_roles\",\n realm_id=realm.id,\n default_roles=[\n \"account/manage-account\",\n \"account/view-groups\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"default_roles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"account/manage-account\",\n \"account/view-groups\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"default_roles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"account/manage-account\"),\n\t\t\t\tpulumi.String(\"account/view-groups\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder()\n .realmId(realm.id())\n .defaultRoles( \n \"account/manage-account\",\n \"account/view-groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n name: default_roles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - account/manage-account\n - account/view-groups\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDefault roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where \u003cspan pulumi-lang-nodejs=\"`defaultRoleId`\" pulumi-lang-dotnet=\"`DefaultRoleId`\" pulumi-lang-go=\"`defaultRoleId`\" pulumi-lang-python=\"`default_role_id`\" pulumi-lang-yaml=\"`defaultRoleId`\" pulumi-lang-java=\"`defaultRoleId`\"\u003e`default_role_id`\u003c/span\u003e is the unique ID of the composite\nrole that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing\nthe default roles.\n\nExample:\n\n```bash\n$ terraform import keycloak_default_roles.default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d\n```\n\n","properties":{"defaultRoles":{"type":"array","items":{"type":"string"},"description":"Roles assigned to new users by default.\n","language":{"csharp":{"name":"RoleNames"}}},"realmId":{"type":"string","description":"The realm this role exists within.\n"}},"required":["defaultRoles","realmId"],"inputProperties":{"defaultRoles":{"type":"array","items":{"type":"string"},"description":"Roles assigned to new users by default.\n","language":{"csharp":{"name":"RoleNames"}}},"realmId":{"type":"string","description":"The realm this role exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["defaultRoles","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering DefaultRoles resources.\n","properties":{"defaultRoles":{"type":"array","items":{"type":"string"},"description":"Roles assigned to new users by default.\n","language":{"csharp":{"name":"RoleNames"}}},"realmId":{"type":"string","description":"The realm this role exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper":{"description":"!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use \u003cspan pulumi-lang-nodejs=\"`keycloak.GenericProtocolMapper`\" pulumi-lang-dotnet=\"`keycloak.GenericProtocolMapper`\" pulumi-lang-go=\"`GenericProtocolMapper`\" pulumi-lang-python=\"`GenericProtocolMapper`\" pulumi-lang-yaml=\"`keycloak.GenericProtocolMapper`\" pulumi-lang-java=\"`keycloak.GenericProtocolMapper`\"\u003e`keycloak.GenericProtocolMapper`\u003c/span\u003e instead.\n\nAllows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"test-mapper\",\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"test-mapper\",\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"test-mapper\",\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientProtocolMapper(ctx, \"saml_hardcode_attribute_mapper\", \u0026keycloak.GenericClientProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"attribute.name\": pulumi.String(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.String(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.String(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.String(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericClientProtocolMapper;\nimport com.pulumi.keycloak.GenericClientProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", GenericClientProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"test-mapper\")\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericClientProtocolMapper\n name: saml_hardcode_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: test-mapper\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_client_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper is attached to.\n"},"clientScopeId":{"type":"string","description":"The mapper's associated client scope. Cannot be used at the same time as client_id."},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n"},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["config","name","protocol","protocolMapper","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The client this protocol mapper is attached to.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The mapper's associated client scope. Cannot be used at the same time as client_id.","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n","willReplaceOnChanges":true},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["config","protocol","protocolMapper","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GenericClientProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper is attached to.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The mapper's associated client scope. Cannot be used at the same time as client_id.","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n","willReplaceOnChanges":true},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/genericClientRoleMapper:GenericClientRoleMapper":{"description":"!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use \u003cspan pulumi-lang-nodejs=\"`keycloak.GenericRoleMapper`\" pulumi-lang-dotnet=\"`keycloak.GenericRoleMapper`\" pulumi-lang-go=\"`GenericRoleMapper`\" pulumi-lang-python=\"`GenericRoleMapper`\" pulumi-lang-yaml=\"`keycloak.GenericRoleMapper`\" pulumi-lang-java=\"`keycloak.GenericRoleMapper`\"\u003e`keycloak.GenericRoleMapper`\u003c/span\u003e instead.\n\nAllow for creating and managing a client's scope mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n\u003cspan pulumi-lang-nodejs=\"`fullScopeAllowed`\" pulumi-lang-dotnet=\"`FullScopeAllowed`\" pulumi-lang-go=\"`fullScopeAllowed`\" pulumi-lang-python=\"`full_scope_allowed`\" pulumi-lang-yaml=\"`fullScopeAllowed`\" pulumi-lang-java=\"`fullScopeAllowed`\"\u003e`full_scope_allowed`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"client_a\", {\n realmId: realm.id,\n clientId: \"client-a\",\n name: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"client_role_a\", {\n realmId: realm.id,\n clientId: clientA.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"client_b\", {\n realmId: realm.id,\n clientId: \"client-b\",\n name: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"client_role_b\", {\n realmId: realm.id,\n clientId: clientB.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"client_a\",\n realm_id=realm.id,\n client_id=\"client-a\",\n name=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"client_role_a\",\n realm_id=realm.id,\n client_id=client_a.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"client_b\",\n realm_id=realm.id,\n client_id=\"client-b\",\n name=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"client_role_b\",\n realm_id=realm.id,\n client_id=client_b.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"client_a\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Name = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"client_role_a\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"client_b\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Name = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"client_role_b\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"client_a\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tName: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"client_role_a\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"client_b\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tName: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role_b\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client-a\")\n .name(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientA.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client-b\")\n .name(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientB.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n name: client_a\n properties:\n realmId: ${realm.id}\n clientId: client-a\n name: client-a\n enabled: true\n accessType: BEARER-ONLY\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n name: client_role_a\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n name: my-client-role\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n name: client_b\n properties:\n realmId: ${realm.id}\n clientId: client-b\n name: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n name: client_role_b\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n name: my-client-role\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: client.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n name: my-client-role\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_client_role_mapper.client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n"},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n"},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n"},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n"}},"required":["realmId","roleId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering GenericClientRoleMapper resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/genericProtocolMapper:GenericProtocolMapper":{"description":"Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used instead.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"test-mapper\",\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"test-mapper\",\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"test-mapper\",\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericProtocolMapper(ctx, \"saml_hardcode_attribute_mapper\", \u0026keycloak.GenericProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"attribute.name\": pulumi.String(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.String(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.String(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.String(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericProtocolMapper;\nimport com.pulumi.keycloak.GenericProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericProtocolMapper(\"samlHardcodeAttributeMapper\", GenericProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"test-mapper\")\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericProtocolMapper\n name: saml_hardcode_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: test-mapper\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using the following format:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_generic_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n"},"clientScopeId":{"type":"string","description":"The ID of the client scope this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n"},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["config","name","protocol","protocolMapper","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n","willReplaceOnChanges":true},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["config","protocol","protocolMapper","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GenericProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this protocol mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"protocol":{"type":"string","description":"The type of client (either `openid-connect` or \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e). The type must match the type of the client.\n","willReplaceOnChanges":true},"protocolMapper":{"type":"string","description":"The name of the protocol mapper. The protocol mapper must be compatible with the specified client.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/genericRoleMapper:GenericRoleMapper":{"description":"Allow for creating and managing a client's or client scope's role mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n\u003cspan pulumi-lang-nodejs=\"`fullScopeAllowed`\" pulumi-lang-dotnet=\"`FullScopeAllowed`\" pulumi-lang-go=\"`fullScopeAllowed`\" pulumi-lang-python=\"`full_scope_allowed`\" pulumi-lang-yaml=\"`fullScopeAllowed`\" pulumi-lang-java=\"`fullScopeAllowed`\"\u003e`full_scope_allowed`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"client_a\", {\n realmId: realm.id,\n clientId: \"client-a\",\n name: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"client_role_a\", {\n realmId: realm.id,\n clientId: clientA.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"client_b\", {\n realmId: realm.id,\n clientId: \"client-b\",\n name: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"client_role_b\", {\n realmId: realm.id,\n clientId: clientB.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"client_a\",\n realm_id=realm.id,\n client_id=\"client-a\",\n name=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"client_role_a\",\n realm_id=realm.id,\n client_id=client_a.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"client_b\",\n realm_id=realm.id,\n client_id=\"client-b\",\n name=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"client_role_b\",\n realm_id=realm.id,\n client_id=client_b.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"client_a\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Name = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"client_role_a\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"client_b\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Name = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"client_role_b\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"client_a\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tName: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"client_role_a\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"client_b\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tName: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role_b\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client-a\")\n .name(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientA.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client-b\")\n .name(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientB.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n name: client_a\n properties:\n realmId: ${realm.id}\n clientId: client-a\n name: client-a\n enabled: true\n accessType: BEARER-ONLY\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n name: client_role_a\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n name: my-client-role\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n name: client_b\n properties:\n realmId: ${realm.id}\n clientId: client-b\n name: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n name: client_role_b\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n name: my-client-role\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: client.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n name: my-client-role\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_role_mapper.client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n"},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n"},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n"},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n"}},"required":["realmId","roleId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering GenericRoleMapper resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The ID of the client scope this role mapper should be added to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. This argument is required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not set.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this role mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to be added to this role mapper.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/group:Group":{"description":"Allows for creating and managing Groups within Keycloak.\n\nGroups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and\ngroup membership can be mapped to a claim.\n\nAttributes can also be defined on Groups.\n\nGroups can also be federated from external data sources, such as LDAP or Active Directory. This resource **should not**\nbe used to manage groups that were created this way.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst parentGroup = new keycloak.Group(\"parent_group\", {\n realmId: realm.id,\n name: \"parent-group\",\n});\nconst childGroup = new keycloak.Group(\"child_group\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n name: \"child-group\",\n});\nconst childGroupWithOptionalAttributes = new keycloak.Group(\"child_group_with_optional_attributes\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n name: \"child-group-with-optional-attributes\",\n attributes: {\n foo: \"bar\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nparent_group = keycloak.Group(\"parent_group\",\n realm_id=realm.id,\n name=\"parent-group\")\nchild_group = keycloak.Group(\"child_group\",\n realm_id=realm.id,\n parent_id=parent_group.id,\n name=\"child-group\")\nchild_group_with_optional_attributes = keycloak.Group(\"child_group_with_optional_attributes\",\n realm_id=realm.id,\n parent_id=parent_group.id,\n name=\"child-group-with-optional-attributes\",\n attributes={\n \"foo\": \"bar\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var parentGroup = new Keycloak.Group(\"parent_group\", new()\n {\n RealmId = realm.Id,\n Name = \"parent-group\",\n });\n\n var childGroup = new Keycloak.Group(\"child_group\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n Name = \"child-group\",\n });\n\n var childGroupWithOptionalAttributes = new Keycloak.Group(\"child_group_with_optional_attributes\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n Name = \"child-group-with-optional-attributes\",\n Attributes = \n {\n { \"foo\", \"bar\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentGroup, err := keycloak.NewGroup(ctx, \"parent_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"parent-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"child_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tName: pulumi.String(\"child-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"child_group_with_optional_attributes\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tName: pulumi.String(\"child-group-with-optional-attributes\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var parentGroup = new Group(\"parentGroup\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"parent-group\")\n .build());\n\n var childGroup = new Group(\"childGroup\", GroupArgs.builder()\n .realmId(realm.id())\n .parentId(parentGroup.id())\n .name(\"child-group\")\n .build());\n\n var childGroupWithOptionalAttributes = new Group(\"childGroupWithOptionalAttributes\", GroupArgs.builder()\n .realmId(realm.id())\n .parentId(parentGroup.id())\n .name(\"child-group-with-optional-attributes\")\n .attributes(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n parentGroup:\n type: keycloak:Group\n name: parent_group\n properties:\n realmId: ${realm.id}\n name: parent-group\n childGroup:\n type: keycloak:Group\n name: child_group\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n name: child-group\n childGroupWithOptionalAttributes:\n type: keycloak:Group\n name: child_group_with_optional_attributes\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n name: child-group-with-optional-attributes\n attributes:\n foo: bar\n multivalue: value1##value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using the format `{{realm_id}}/{{group_id}}`, where \u003cspan pulumi-lang-nodejs=\"`groupId`\" pulumi-lang-dotnet=\"`GroupId`\" pulumi-lang-go=\"`groupId`\" pulumi-lang-python=\"`group_id`\" pulumi-lang-yaml=\"`groupId`\" pulumi-lang-java=\"`groupId`\"\u003e`group_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group.child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd\n```\n\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n"},"description":{"type":"string"},"name":{"type":"string","description":"The name of the group.\n"},"parentId":{"type":"string","description":"The ID of this group's parent. If omitted, this group will be defined at the root level.\n"},"path":{"type":"string","description":"(Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n"}},"required":["name","path","realmId"],"inputProperties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n"},"description":{"type":"string"},"name":{"type":"string","description":"The name of the group.\n"},"parentId":{"type":"string","description":"The ID of this group's parent. If omitted, this group will be defined at the root level.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Group resources.\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars\n"},"description":{"type":"string"},"name":{"type":"string","description":"The name of the group.\n"},"parentId":{"type":"string","description":"The ID of this group's parent. If omitted, this group will be defined at the root level.\n","willReplaceOnChanges":true},"path":{"type":"string","description":"(Computed) The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/groupMemberships:GroupMemberships":{"description":"Allows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members. When this resource takes control\nover a group's members, users that are manually added to the group will be removed, and users that are manually removed\nfrom the group will be added upon the next run of `pulumi up`.\n\nAlso note that you should not use \u003cspan pulumi-lang-nodejs=\"`keycloak.GroupMemberships`\" pulumi-lang-dotnet=\"`keycloak.GroupMemberships`\" pulumi-lang-go=\"`GroupMemberships`\" pulumi-lang-python=\"`GroupMemberships`\" pulumi-lang-yaml=\"`keycloak.GroupMemberships`\" pulumi-lang-java=\"`keycloak.GroupMemberships`\"\u003e`keycloak.GroupMemberships`\u003c/span\u003e with a group has been assigned as a default group via\n\u003cspan pulumi-lang-nodejs=\"`keycloak.DefaultGroups`\" pulumi-lang-dotnet=\"`keycloak.DefaultGroups`\" pulumi-lang-go=\"`DefaultGroups`\" pulumi-lang-python=\"`DefaultGroups`\" pulumi-lang-yaml=\"`keycloak.DefaultGroups`\" pulumi-lang-java=\"`keycloak.DefaultGroups`\"\u003e`keycloak.DefaultGroups`\u003c/span\u003e.\n\nThis resource **should not** be used to control membership of a group that has its members federated from an external\nsource via group mapping.\n\nTo non-exclusively manage the group's of a user, see the [\u003cspan pulumi-lang-nodejs=\"`keycloak.UserGroups`\" pulumi-lang-dotnet=\"`keycloak.UserGroups`\" pulumi-lang-go=\"`UserGroups`\" pulumi-lang-python=\"`UserGroups`\" pulumi-lang-yaml=\"`keycloak.UserGroups`\" pulumi-lang-java=\"`keycloak.UserGroups`\"\u003e`keycloak.UserGroups`\u003c/span\u003e resource][1]\n\nThis resource paginates its data loading on refresh by 50 items.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"group_members\", {\n realmId: realm.id,\n groupId: group.id,\n members: [user.username],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"group_members\",\n realm_id=realm.id,\n group_id=group.id,\n members=[user.username])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"group_members\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"group_members\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .members(user.username())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n name: group_members\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n members:\n - ${user.username}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n\n[1]: https://registry.terraform.io/providers/keycloak/keycloak/latest/docs/resources/group_memberships\n\n","properties":{"groupId":{"type":"string","description":"The ID of the group this resource should manage memberships for.\n"},"members":{"type":"array","items":{"type":"string"},"description":"A list of usernames that belong to this group.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n"}},"required":["members","realmId"],"inputProperties":{"groupId":{"type":"string","description":"The ID of the group this resource should manage memberships for.\n","willReplaceOnChanges":true},"members":{"type":"array","items":{"type":"string"},"description":"A list of usernames that belong to this group.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["members","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMemberships resources.\n","properties":{"groupId":{"type":"string","description":"The ID of the group this resource should manage memberships for.\n","willReplaceOnChanges":true},"members":{"type":"array","items":{"type":"string"},"description":"A list of usernames that belong to this group.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/groupPermissions:GroupPermissions":{"description":"Allows you to manage all group Scope Based Permissions https://www.keycloak.org/docs/latest/server_admin/#group.\n\nThis is part of a preview Keycloak feature: \u003cspan pulumi-lang-nodejs=\"`adminFineGrainedAuthz`\" pulumi-lang-dotnet=\"`AdminFineGrainedAuthz`\" pulumi-lang-go=\"`adminFineGrainedAuthz`\" pulumi-lang-python=\"`admin_fine_grained_authz`\" pulumi-lang-yaml=\"`adminFineGrainedAuthz`\" pulumi-lang-java=\"`adminFineGrainedAuthz`\"\u003e`admin_fine_grained_authz`\u003c/span\u003e (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling Roles Permissions, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the role permissions.\n1. Create scopes \u003cspan pulumi-lang-nodejs=\"`view`\" pulumi-lang-dotnet=\"`View`\" pulumi-lang-go=\"`view`\" pulumi-lang-python=\"`view`\" pulumi-lang-yaml=\"`view`\" pulumi-lang-java=\"`view`\"\u003e`view`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`manage`\" pulumi-lang-dotnet=\"`Manage`\" pulumi-lang-go=\"`manage`\" pulumi-lang-python=\"`manage`\" pulumi-lang-yaml=\"`manage`\" pulumi-lang-java=\"`manage`\"\u003e`manage`\u003c/span\u003e, `view-members`, `manage-members`, `manage-membership`.\n1. Create all scope based permission for the scopes and role resource\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"enabled":{"type":"boolean"},"groupId":{"type":"string"},"manageMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembersScope:GroupPermissionsManageMembersScope"},"manageMembershipScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembershipScope:GroupPermissionsManageMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageScope:GroupPermissionsManageScope"},"realmId":{"type":"string"},"viewMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewMembersScope:GroupPermissionsViewMembersScope"},"viewScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewScope:GroupPermissionsViewScope"}},"required":["authorizationResourceServerId","enabled","groupId","realmId"],"inputProperties":{"groupId":{"type":"string","willReplaceOnChanges":true},"manageMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembersScope:GroupPermissionsManageMembersScope"},"manageMembershipScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembershipScope:GroupPermissionsManageMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageScope:GroupPermissionsManageScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"viewMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewMembersScope:GroupPermissionsViewMembersScope"},"viewScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewScope:GroupPermissionsViewScope"}},"requiredInputs":["groupId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupPermissions resources.\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"enabled":{"type":"boolean"},"groupId":{"type":"string","willReplaceOnChanges":true},"manageMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembersScope:GroupPermissionsManageMembersScope"},"manageMembershipScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageMembershipScope:GroupPermissionsManageMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/GroupPermissionsManageScope:GroupPermissionsManageScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"viewMembersScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewMembersScope:GroupPermissionsViewMembersScope"},"viewScope":{"$ref":"#/types/keycloak:index/GroupPermissionsViewScope:GroupPermissionsViewScope"}},"type":"object"}},"keycloak:index/groupRoles:GroupRoles":{"description":"Allows you to manage roles assigned to a Keycloak group.\n\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is true, this resource attempts to be an **authoritative** source over group roles: roles that are manually added to the group will be removed, and roles that are manually removed from the\ngroup will be added upon the next run of `pulumi up`.\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is false, this resource is a partial assignation of roles to a group. As a result, you can get multiple \u003cspan pulumi-lang-nodejs=\"`keycloak.GroupRoles`\" pulumi-lang-dotnet=\"`keycloak.GroupRoles`\" pulumi-lang-go=\"`GroupRoles`\" pulumi-lang-python=\"`GroupRoles`\" pulumi-lang-yaml=\"`keycloak.GroupRoles`\" pulumi-lang-java=\"`keycloak.GroupRoles`\"\u003e`keycloak.GroupRoles`\u003c/span\u003e for the same \u003cspan pulumi-lang-nodejs=\"`groupId`\" pulumi-lang-dotnet=\"`GroupId`\" pulumi-lang-go=\"`groupId`\" pulumi-lang-python=\"`group_id`\" pulumi-lang-yaml=\"`groupId`\" pulumi-lang-java=\"`groupId`\"\u003e`group_id`\u003c/span\u003e.\n\nNote that when assigning composite roles to a group, you may see a non-empty plan following a `pulumi up` if you\nassign a role and a composite that includes that role to the same group.\n\n## Example Usage\n\n### Exhaustive Roles)\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst groupRoles = new keycloak.GroupRoles(\"group_roles\", {\n realmId: realm.id,\n groupId: group.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\ngroup_roles = keycloak.GroupRoles(\"group_roles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"group_roles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_roles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Non Exhaustive Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst groupRoleAssociation1 = new keycloak.GroupRoles(\"group_role_association1\", {\n realmId: realm.id,\n groupId: group.id,\n exhaustive: false,\n roleIds: [realmRole.id],\n});\nconst groupRoleAssociation2 = new keycloak.GroupRoles(\"group_role_association2\", {\n realmId: realm.id,\n groupId: group.id,\n exhaustive: false,\n roleIds: [clientRole.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\ngroup_role_association1 = keycloak.GroupRoles(\"group_role_association1\",\n realm_id=realm.id,\n group_id=group.id,\n exhaustive=False,\n role_ids=[realm_role.id])\ngroup_role_association2 = keycloak.GroupRoles(\"group_role_association2\",\n realm_id=realm.id,\n group_id=group.id,\n exhaustive=False,\n role_ids=[client_role.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var groupRoleAssociation1 = new Keycloak.GroupRoles(\"group_role_association1\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Exhaustive = false,\n RoleIds = new[]\n {\n realmRole.Id,\n },\n });\n\n var groupRoleAssociation2 = new Keycloak.GroupRoles(\"group_role_association2\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Exhaustive = false,\n RoleIds = new[]\n {\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_role_association1\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_role_association2\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var groupRoleAssociation1 = new GroupRoles(\"groupRoleAssociation1\", GroupRolesArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .exhaustive(false)\n .roleIds(realmRole.id())\n .build());\n\n var groupRoleAssociation2 = new GroupRoles(\"groupRoleAssociation2\", GroupRolesArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .exhaustive(false)\n .roleIds(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n groupRoleAssociation1:\n type: keycloak:GroupRoles\n name: group_role_association1\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n exhaustive: false\n roleIds:\n - ${realmRole.id}\n groupRoleAssociation2:\n type: keycloak:GroupRoles\n name: group_role_association2\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n exhaustive: false\n roleIds:\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{group_id}}`, where \u003cspan pulumi-lang-nodejs=\"`groupId`\" pulumi-lang-dotnet=\"`GroupId`\" pulumi-lang-go=\"`groupId`\" pulumi-lang-python=\"`group_id`\" pulumi-lang-yaml=\"`groupId`\" pulumi-lang-java=\"`groupId`\"\u003e`group_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically\na GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group_roles.group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94\n```\n\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupId":{"type":"string","description":"The ID of the group this resource should manage roles for.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n"},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the group.\n"}},"required":["groupId","realmId","roleIds"],"inputProperties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupId":{"type":"string","description":"The ID of the group this resource should manage roles for.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the group.\n"}},"requiredInputs":["groupId","realmId","roleIds"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupRoles resources.\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the group will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupId":{"type":"string","description":"The ID of the group this resource should manage roles for.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the group.\n"}},"type":"object"}},"keycloak:index/hardcodedAttributeIdentityProviderMapper:HardcodedAttributeIdentityProviderMapper":{"description":"Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider.\n\nThe identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\", {\n realm: realm.id,\n name: \"hardcodedUserSessionAttribute\",\n identityProviderAlias: oidc.alias,\n attributeName: \"attribute\",\n attributeValue: \"value\",\n userSession: true,\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\noidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\",\n realm=realm.id,\n name=\"hardcodedUserSessionAttribute\",\n identity_provider_alias=oidc.alias,\n attribute_name=\"attribute\",\n attribute_value=\"value\",\n user_session=True,\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"hardcodedUserSessionAttribute\",\n IdentityProviderAlias = oidc.Alias,\n AttributeName = \"attribute\",\n AttributeValue = \"value\",\n UserSession = true,\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, \"oidc\", \u0026keycloak.HardcodedAttributeIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"hardcodedUserSessionAttribute\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tAttributeName: pulumi.String(\"attribute\"),\n\t\t\tAttributeValue: pulumi.String(\"value\"),\n\t\t\tUserSession: pulumi.Bool(true),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", HardcodedAttributeIdentityProviderMapperArgs.builder()\n .realm(realm.id())\n .name(\"hardcodedUserSessionAttribute\")\n .identityProviderAlias(oidc.alias())\n .attributeName(\"attribute\")\n .attributeValue(\"value\")\n .userSession(true)\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n oidcHardcodedAttributeIdentityProviderMapper:\n type: keycloak:HardcodedAttributeIdentityProviderMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: hardcodedUserSessionAttribute\n identityProviderAlias: ${oidc.alias}\n attributeName: attribute\n attributeValue: value\n userSession: true\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","properties":{"attributeName":{"type":"string","description":"The name of the IDP attribute to set.\n"},"attributeValue":{"type":"string","description":"The value to set to the attribute. You can hardcode any value like 'foo'.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n"},"userSession":{"type":"boolean","description":"Is Attribute related to a User Session.\n"}},"required":["identityProviderAlias","name","realm","userSession"],"inputProperties":{"attributeName":{"type":"string","description":"The name of the IDP attribute to set.\n"},"attributeValue":{"type":"string","description":"The value to set to the attribute. You can hardcode any value like 'foo'.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true},"userSession":{"type":"boolean","description":"Is Attribute related to a User Session.\n","willReplaceOnChanges":true}},"requiredInputs":["identityProviderAlias","realm","userSession"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedAttributeIdentityProviderMapper resources.\n","properties":{"attributeName":{"type":"string","description":"The name of the IDP attribute to set.\n"},"attributeValue":{"type":"string","description":"The value to set to the attribute. You can hardcode any value like 'foo'.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true},"userSession":{"type":"boolean","description":"Is Attribute related to a User Session.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/hardcodedAttributeMapper:HardcodedAttributeMapper":{"description":"Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe user model hardcoded attribute mapper will set the specified value to the attribute.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst emailVerified = new keycloak.HardcodedAttributeMapper(\"email_verified\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"email_verified\",\n attributeName: \"email_verified\",\n attributeValue: \"true\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nemail_verified = keycloak.HardcodedAttributeMapper(\"email_verified\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"email_verified\",\n attribute_name=\"email_verified\",\n attribute_value=\"true\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var emailVerified = new Keycloak.HardcodedAttributeMapper(\"email_verified\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"email_verified\",\n AttributeName = \"email_verified\",\n AttributeValue = \"true\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeMapper(ctx, \"email_verified\", \u0026keycloak.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"email_verified\"),\n\t\t\tAttributeName: pulumi.String(\"email_verified\"),\n\t\t\tAttributeValue: pulumi.String(\"true\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var emailVerified = new HardcodedAttributeMapper(\"emailVerified\", HardcodedAttributeMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"email_verified\")\n .attributeName(\"email_verified\")\n .attributeValue(\"true\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n emailVerified:\n type: keycloak:HardcodedAttributeMapper\n name: email_verified\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: email_verified\n attributeName: email_verified\n attributeValue: 'true'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{attribute__mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_hardcoded_attribute_mapper.email_verified my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"attributeName":{"type":"string","description":"The name of the user model attribute to set.\n"},"attributeValue":{"type":"string","description":"The value to set to model attribute. You can hardcode any value like 'foo'.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["attributeName","attributeValue","ldapUserFederationId","name","realmId"],"inputProperties":{"attributeName":{"type":"string","description":"The name of the user model attribute to set.\n","willReplaceOnChanges":true},"attributeValue":{"type":"string","description":"The value to set to model attribute. You can hardcode any value like 'foo'.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["attributeName","attributeValue","ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedAttributeMapper resources.\n","properties":{"attributeName":{"type":"string","description":"The name of the user model attribute to set.\n","willReplaceOnChanges":true},"attributeValue":{"type":"string","description":"The value to set to model attribute. You can hardcode any value like 'foo'.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/hardcodedGroupIdentityProviderMapper:HardcodedGroupIdentityProviderMapper":{"description":"Allows for creating and managing hardcoded group mappers for Keycloak identity provider.\n\nThe identity provider hardcoded group mapper grants a specified Keycloak group to each Keycloak user from the identity provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmGroup = new keycloak.Group(\"realm_group\", {\n realmId: realm.id,\n name: \"my-realm-group\",\n description: \"My Realm Group\",\n});\nconst oidcHardcodedGroupIdentityProviderMapper = new keycloak.HardcodedGroupIdentityProviderMapper(\"oidc\", {\n realm: realm.id,\n name: \"hardcodedGroup\",\n identityProviderAlias: oidc.alias,\n group: \"my-realm-group\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_group = keycloak.Group(\"realm_group\",\n realm_id=realm.id,\n name=\"my-realm-group\",\n description=\"My Realm Group\")\noidc_hardcoded_group_identity_provider_mapper = keycloak.HardcodedGroupIdentityProviderMapper(\"oidc\",\n realm=realm.id,\n name=\"hardcodedGroup\",\n identity_provider_alias=oidc.alias,\n group=\"my-realm-group\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmGroup = new Keycloak.Group(\"realm_group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-group\",\n Description = \"My Realm Group\",\n });\n\n var oidcHardcodedGroupIdentityProviderMapper = new Keycloak.HardcodedGroupIdentityProviderMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"hardcodedGroup\",\n IdentityProviderAlias = oidc.Alias,\n Group = \"my-realm-group\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"realm_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-group\"),\n\t\t\tDescription: pulumi.String(\"My Realm Group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedGroupIdentityProviderMapper(ctx, \"oidc\", \u0026keycloak.HardcodedGroupIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"hardcodedGroup\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tGroup: pulumi.String(\"my-realm-group\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.HardcodedGroupIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedGroupIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-group\")\n .description(\"My Realm Group\")\n .build());\n\n var oidcHardcodedGroupIdentityProviderMapper = new HardcodedGroupIdentityProviderMapper(\"oidcHardcodedGroupIdentityProviderMapper\", HardcodedGroupIdentityProviderMapperArgs.builder()\n .realm(realm.id())\n .name(\"hardcodedGroup\")\n .identityProviderAlias(oidc.alias())\n .group(\"my-realm-group\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmGroup:\n type: keycloak:Group\n name: realm_group\n properties:\n realmId: ${realm.id}\n name: my-realm-group\n description: My Realm Group\n oidcHardcodedGroupIdentityProviderMapper:\n type: keycloak:HardcodedGroupIdentityProviderMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: hardcodedGroup\n identityProviderAlias: ${oidc.alias}\n group: my-realm-group\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n"}},"required":["identityProviderAlias","name","realm"],"inputProperties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["identityProviderAlias","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedGroupIdentityProviderMapper resources.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/hardcodedRoleIdentityMapper:HardcodedRoleIdentityMapper":{"description":"Allows for creating and managing hardcoded role mappers for Keycloak identity provider.\n\nThe identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper(\"oidc\", {\n realm: realm.id,\n name: \"hardcodedRole\",\n identityProviderAlias: oidc.alias,\n role: \"my-realm-role\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\noidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper(\"oidc\",\n realm=realm.id,\n name=\"hardcodedRole\",\n identity_provider_alias=oidc.alias,\n role=\"my-realm-role\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"hardcodedRole\",\n IdentityProviderAlias = oidc.Alias,\n Role = \"my-realm-role\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, \"oidc\", \u0026keycloak.HardcodedRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"hardcodedRole\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapper;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", HardcodedRoleIdentityMapperArgs.builder()\n .realm(realm.id())\n .name(\"hardcodedRole\")\n .identityProviderAlias(oidc.alias())\n .role(\"my-realm-role\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n oidcHardcodedRoleIdentityMapper:\n type: keycloak:HardcodedRoleIdentityMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: hardcodedRole\n identityProviderAlias: ${oidc.alias}\n role: my-realm-role\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n"},"role":{"type":"string","description":"The name of the role which should be assigned to the users.\n"}},"required":["identityProviderAlias","name","realm"],"inputProperties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role which should be assigned to the users.\n"}},"requiredInputs":["identityProviderAlias","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedRoleIdentityMapper resources.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this mapper. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"identityProviderAlias":{"type":"string","description":"The IDP alias of the attribute to set.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm ID that this mapper will exist in.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role which should be assigned to the users.\n"}},"type":"object"}},"keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission":{"description":"Allows you to manage Identity Provider \"Token exchange\" Scope Based Permissions.\n\nThis is part of a preview keycloak feature. You need to enable this feature to be able to use this resource.\nMore information about enabling the preview feature can be found here: https://www.keycloak.org/securing-apps/token-exchange\n\nWhen enabling Identity Provider Permissions, Keycloak does several things automatically:\n1. Enable Authorization on build-in realm-management client\n1. Create a \"token-exchange\" scope\n1. Create a resource representing the identity provider\n1. Create a scope based permission for the \"token-exchange\" scope and identity provider resource\n\nThe only thing that is missing is a policy set on the permission.\nAs the policy lives within the context of the realm-management client, you cannot create a policy resource and link to from with your _.tf_ file. This would also cause an implicit cycle dependency.\nThus, the only way to manage this in terraform is to create and manage the policy internally from within this terraform resource itself.\nAt the moment only a client policy type is supported. The client policy will automatically be created for the \u003cspan pulumi-lang-nodejs=\"`clients`\" pulumi-lang-dotnet=\"`Clients`\" pulumi-lang-go=\"`clients`\" pulumi-lang-python=\"`clients`\" pulumi-lang-yaml=\"`clients`\" pulumi-lang-java=\"`clients`\"\u003e`clients`\u003c/span\u003e parameter.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"token_exchange_realm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"token_exchange_my_oidc_idp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchange_webapp_client\", {\n realmId: tokenExchangeRealm.id,\n name: \"webapp_client\",\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"token_exchange_realm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"token_exchange_my_oidc_idp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchange_webapp_client\",\n realm_id=token_exchange_realm.id,\n name=\"webapp_client\",\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"token_exchange_realm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"token_exchange_my_oidc_idp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchange_webapp_client\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n Name = \"webapp_client\",\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"token_exchange_realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"token_exchange_my_oidc_idp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttoken_exchangeWebappClient, err := openid.NewClient(ctx, \"token-exchange_webapp_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tName: pulumi.String(\"webapp_client\"),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidc_idp_permission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder()\n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder()\n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder()\n .realmId(tokenExchangeRealm.id())\n .name(\"webapp_client\")\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n //relevant part\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder()\n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n name: token_exchange_realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n name: token_exchange_my_oidc_idp\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n name: token-exchange_webapp_client\n properties:\n realmId: ${tokenExchangeRealm.id}\n name: webapp_client\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n name: oidc_idp_permission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where \u003cspan pulumi-lang-nodejs=\"`providerAlias`\" pulumi-lang-dotnet=\"`ProviderAlias`\" pulumi-lang-go=\"`providerAlias`\" pulumi-lang-python=\"`provider_alias`\" pulumi-lang-yaml=\"`providerAlias`\" pulumi-lang-java=\"`providerAlias`\"\u003e`provider_alias`\u003c/span\u003e is the alias that\nyou assign to the identity provider upon creation.\n\nExample:\n\n```bash\n$ terraform import keycloak_identity_provider_token_exchange_scope_permission.oidc_idp_permission my-realm/myIdp\n```\n\n","properties":{"authorizationIdpResourceId":{"type":"string","description":"(Computed) Resource ID representing the identity provider, this automatically created by keycloak.\n"},"authorizationResourceServerId":{"type":"string","description":"(Computed) Resource server ID representing the realm management client on which this permission is managed.\n"},"authorizationTokenExchangeScopePermissionId":{"type":"string","description":"(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.\n"},"clients":{"type":"array","items":{"type":"string"},"description":"A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.\n"},"policyId":{"type":"string","description":"(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.\n"},"policyType":{"type":"string","description":"Defaults to \"client\" This is also the only value policy type supported by this provider.\n"},"providerAlias":{"type":"string","description":"Alias of the identity provider.\n"},"realmId":{"type":"string","description":"The realm that the identity provider exists in.\n"}},"required":["authorizationIdpResourceId","authorizationResourceServerId","authorizationTokenExchangeScopePermissionId","clients","policyId","providerAlias","realmId"],"inputProperties":{"clients":{"type":"array","items":{"type":"string"},"description":"A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.\n"},"policyType":{"type":"string","description":"Defaults to \"client\" This is also the only value policy type supported by this provider.\n"},"providerAlias":{"type":"string","description":"Alias of the identity provider.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that the identity provider exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["clients","providerAlias","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering IdentityProviderTokenExchangeScopePermission resources.\n","properties":{"authorizationIdpResourceId":{"type":"string","description":"(Computed) Resource ID representing the identity provider, this automatically created by keycloak.\n"},"authorizationResourceServerId":{"type":"string","description":"(Computed) Resource server ID representing the realm management client on which this permission is managed.\n"},"authorizationTokenExchangeScopePermissionId":{"type":"string","description":"(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.\n"},"clients":{"type":"array","items":{"type":"string"},"description":"A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.\n"},"policyId":{"type":"string","description":"(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.\n"},"policyType":{"type":"string","description":"Defaults to \"client\" This is also the only value policy type supported by this provider.\n"},"providerAlias":{"type":"string","description":"Alias of the identity provider.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that the identity provider exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/kubernetesIdentityProvider:KubernetesIdentityProvider":{"description":"Allows for creating and managing Kubernetes Identity Providers within Keycloak. Workloads inside a Kubernetes cluster can authenticate using service account tokens.\n\n\u003e **NOTICE:**\n\u003e This is part of a preview keycloak feature. You need to enable this feature to be able to use this resource.\n\u003e More information about enabling the preview feature can be found here: https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker_kubernetes\n\n{{% examples %}}\n## Example Usage\n\n### With An OpenID Client\n```hcl\nresource \"keycloak_realm\" \"realm\" {\n realm = \"my-realm\"\n enabled = true\n}\n\nresource \"keycloak_kubernetes_identity_provider\" \"kubernetes\" {\n realm = keycloak_realm.realm.id\n alias = \"my-k8s-idp\"\n issuer = \"https://example.com/issuer/\"\n}\n\nresource \"keycloak_openid_client\" \"k8s_client\" {\n realm_id = keycloak_realm.realm.id\n client_id = \"k8s-client\"\n\n name = \"K8s Client\"\n enabled = true\n\n access_type = \"CONFIDENTIAL\"\n service_accounts_enabled = true\n client_authenticator_type = \"federated-jwt\"\n extra_config = {\n \"jwt.credential.issuer\" = keycloak_kubernetes_identity_provider.kubernetes.alias\n \"jwt.credential.sub\" = \"system:serviceaccount:\u003cnamespace\u003e:\u003cservice-account-name\u003e\"\n }\n}\n```\n\n\n### With A Kubernetes Workload Authentication\n\n### Keycloak configuration\n\n```hcl\nresource \"keycloak_realm\" \"realm\" {\n realm = \"my-realm\"\n enabled = true\n}\n\nresource \"keycloak_kubernetes_identity_provider\" \"kubernetes\" {\n realm = keycloak_realm.realm.id\n alias = \"my-k8s-idp\"\n issuer = \"https://example.com/issuer/\"\n}\n\nresource \"keycloak_openid_client\" \"k8s_client\" {\n realm_id = keycloak_realm.realm.id\n client_id = \"k8s-client\"\n\n name = \"K8s Client\"\n enabled = true\n\n access_type = \"CONFIDENTIAL\"\n service_accounts_enabled = true\n client_authenticator_type = \"federated-jwt\"\n extra_config = {\n \"jwt.credential.issuer\" = keycloak_kubernetes_identity_provider.kubernetes.alias\n \"jwt.credential.sub\" = \"system:serviceaccount:\u003cnamespace\u003e:\u003cservice-account-name\u003e\"\n }\n}\n\n# You need to create a new `Client Authentication` flow. In this example there is only one authenticator in it, but more can be configured if needed\n\nresource \"keycloak_authentication_flow\" \"client_authentication\" {\n realm_id = keycloak_realm.realm.id\n alias = \"clients-federated-jwt\"\n provider_id = \"client-flow\"\n}\n\nresource \"keycloak_authentication_execution\" \"federated_jwt\" {\n realm_id = keycloak_realm.realm.id\n parent_flow_alias = keycloak_authentication_flow.client_authentication.alias\n authenticator = \"federated-jwt\"\n requirement = \"ALTERNATIVE\"\n}\n\nresource \"keycloak_authentication_bindings\" \"auth_bindings\" {\n realm_id = keycloak_realm.realm.id\n client_authentication_flow = keycloak_authentication_flow.client_authentication.alias\n}\n```\n\n### Kubernetes workload\n\nIn your Kubernetes workload, you need to mount a service account token with the right audience pointing to your Keycloak instance\n```yaml\n---\napiVersion: v1\nkind: Pod\n...\nspec:\n serviceAccountName: \u003cserviceaccount\u003e\n ...\n volumeMounts:\n - mountPath: /var/run/secrets\n name: aud-token\n ...\n volumes:\n - name: aud-token\n projected:\n defaultMode: 420\n sources:\n - serviceAccountToken:\n audience: https://example.com:8443/realms/test \u003c1\u003e\n expirationSeconds: 600 \u003c2\u003e\n path: keycloak\n---\n```\n\n1. Issuer URL of the Keycloak realm.\n2. Maximum time allowed by Kubernetes is 3600 seconds\n\n### In the Pod, use curl to authenticate to Keycloak:\n\n```bash\ncurl -k https://example.com:8443/realms/\u003crealm\u003e/protocol/openid-connect/token \\\n -H 'Content-Type: application/x-www-form-urlencoded' \\\n --data-urlencode grant_type=client_credentials \\\n --data-urlencode\n client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \\\n --data-urlencode client_assertion=$(cat /var/run/secrets/keycloak)\n```\n\n### And the response should look something like:\n```\n{\n \"access_token\": \"ey...bw\",\n \"expires_in\": 600,\n ....\n}\n```\n\n\u003e **NOTICE:**\n\u003e Changing authentication flow bindings in your Realm settings can break existing clients' ability to authenticate, if not configured properly!\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_kubernetes_identity_provider.realm_identity_provider my-realm/my-idp\n```\n\n\n{{% /examples %}}","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role."},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"displayName":{"type":"string","description":"Friendly name for Identity Providers."},"enabled":{"type":"boolean","description":"Enable/disable this identity provider."},"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account."},"guiOrder":{"type":"string","description":"GUI Order"},"hideOnLoginPage":{"type":"boolean","description":"This is always set to true for Kubernetes identity provider."},"internalId":{"type":"string","description":"Internal Identity Provider Id"},"issuer":{"type":"string","description":"The Kubernetes issuer URL of service account tokens. The URL \u003cISSUER\u003e/.well-known/openid-configuration must be available to Keycloak.\n"},"linkOnly":{"type":"boolean","description":"If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it."},"providerId":{"type":"string","description":"Provider ID, is always kubernetes."},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"storeToken":{"type":"boolean","description":"Enable/disable if tokens must be stored after authenticating users."},"syncMode":{"type":"string","description":"Sync Mode"},"trustEmail":{"type":"boolean","description":"If enabled then email provided by this provider is not verified even if verification is enabled for the realm."}},"required":["alias","hideOnLoginPage","internalId","issuer","realm"],"inputProperties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"displayName":{"type":"string","description":"Friendly name for Identity Providers."},"enabled":{"type":"boolean","description":"Enable/disable this identity provider."},"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account."},"guiOrder":{"type":"string","description":"GUI Order"},"issuer":{"type":"string","description":"The Kubernetes issuer URL of service account tokens. The URL \u003cISSUER\u003e/.well-known/openid-configuration must be available to Keycloak.\n"},"linkOnly":{"type":"boolean","description":"If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it."},"providerId":{"type":"string","description":"Provider ID, is always kubernetes."},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"Enable/disable if tokens must be stored after authenticating users."},"syncMode":{"type":"string","description":"Sync Mode"},"trustEmail":{"type":"boolean","description":"If enabled then email provided by this provider is not verified even if verification is enabled for the realm."}},"requiredInputs":["alias","issuer","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering KubernetesIdentityProvider resources.\n","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"displayName":{"type":"string","description":"Friendly name for Identity Providers."},"enabled":{"type":"boolean","description":"Enable/disable this identity provider."},"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account."},"guiOrder":{"type":"string","description":"GUI Order"},"hideOnLoginPage":{"type":"boolean","description":"This is always set to true for Kubernetes identity provider."},"internalId":{"type":"string","description":"Internal Identity Provider Id"},"issuer":{"type":"string","description":"The Kubernetes issuer URL of service account tokens. The URL \u003cISSUER\u003e/.well-known/openid-configuration must be available to Keycloak.\n"},"linkOnly":{"type":"boolean","description":"If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it."},"providerId":{"type":"string","description":"Provider ID, is always kubernetes."},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"Enable/disable if tokens must be stored after authenticating users."},"syncMode":{"type":"string","description":"Sync Mode"},"trustEmail":{"type":"boolean","description":"If enabled then email provided by this provider is not verified even if verification is enabled for the realm."}},"type":"object"}},"keycloak:index/organization:Organization":{"description":"Allow for creating and managing Organizations within Keycloak.\n\nAttributes can also be defined on Groups.\n\nLinkage with identity providers is managed with the identity provider resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst _this = new keycloak.Organization(\"this\", {\n realm: realm.name,\n name: \"org\",\n alias: \"org\",\n enabled: true,\n domains: [{\n name: \"example.com\",\n }],\n});\nconst thisIdentityProvider = new keycloak.oidc.IdentityProvider(\"this\", {\n realm: realm.name,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n organizationId: _this.id,\n orgDomain: \"example.com\",\n orgRedirectModeEmailMatches: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nthis = keycloak.Organization(\"this\",\n realm=realm.name,\n name=\"org\",\n alias=\"org\",\n enabled=True,\n domains=[{\n \"name\": \"example.com\",\n }])\nthis_identity_provider = keycloak.oidc.IdentityProvider(\"this\",\n realm=realm.name,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n organization_id=this.id,\n org_domain=\"example.com\",\n org_redirect_mode_email_matches=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @this = new Keycloak.Organization(\"this\", new()\n {\n Realm = realm.Name,\n Name = \"org\",\n Alias = \"org\",\n Enabled = true,\n Domains = new[]\n {\n new Keycloak.Inputs.OrganizationDomainArgs\n {\n Name = \"example.com\",\n },\n },\n });\n\n var thisIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"this\", new()\n {\n Realm = realm.Name,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n OrganizationId = @this.Id,\n OrgDomain = \"example.com\",\n OrgRedirectModeEmailMatches = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthis, err := keycloak.NewOrganization(ctx, \"this\", \u0026keycloak.OrganizationArgs{\n\t\t\tRealm: realm.Name,\n\t\t\tName: pulumi.String(\"org\"),\n\t\t\tAlias: pulumi.String(\"org\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tDomains: keycloak.OrganizationDomainArray{\n\t\t\t\t\u0026keycloak.OrganizationDomainArgs{\n\t\t\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"this\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.Name,\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tOrganizationId: this.ID(),\n\t\t\tOrgDomain: pulumi.String(\"example.com\"),\n\t\t\tOrgRedirectModeEmailMatches: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Organization;\nimport com.pulumi.keycloak.OrganizationArgs;\nimport com.pulumi.keycloak.inputs.OrganizationDomainArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var this_ = new Organization(\"this\", OrganizationArgs.builder()\n .realm(realm.name())\n .name(\"org\")\n .alias(\"org\")\n .enabled(true)\n .domains(OrganizationDomainArgs.builder()\n .name(\"example.com\")\n .build())\n .build());\n\n var thisIdentityProvider = new IdentityProvider(\"thisIdentityProvider\", IdentityProviderArgs.builder()\n .realm(realm.name())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .organizationId(this_.id())\n .orgDomain(\"example.com\")\n .orgRedirectModeEmailMatches(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n this:\n type: keycloak:Organization\n properties:\n realm: ${realm.name}\n name: org\n alias: org\n enabled: true\n domains:\n - name: example.com\n thisIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n name: this\n properties:\n realm: ${realm.name}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n organizationId: ${this.id}\n orgDomain: example.com\n orgRedirectModeEmailMatches: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizations can be imported using the format `{{realm_id}}/{{organization_id}}`, where \u003cspan pulumi-lang-nodejs=\"`organizationId`\" pulumi-lang-dotnet=\"`OrganizationId`\" pulumi-lang-go=\"`organizationId`\" pulumi-lang-python=\"`organization_id`\" pulumi-lang-yaml=\"`organizationId`\" pulumi-lang-java=\"`organizationId`\"\u003e`organization_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the organizations upon creation. This value can be found in the URI when editing this organization in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_organization.this my-realm/cec54914-b702-4c7b-9431-b407817d059a\n```\n\n","properties":{"alias":{"type":"string","description":"The alias unique identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.\n"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.\n"},"description":{"type":"string","description":"The description of the organization.\n"},"domains":{"type":"array","items":{"$ref":"#/types/keycloak:index/OrganizationDomain:OrganizationDomain"},"description":"A list of domains.\n"},"enabled":{"type":"boolean","description":"Enable/disable this organization."},"name":{"type":"string","description":"The name of the organization.\n"},"realm":{"type":"string","description":"The realm this organization exists in.\n"},"redirectUrl":{"type":"string","description":"The landing page after user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.\n"}},"required":["alias","attributes","name","realm"],"inputProperties":{"alias":{"type":"string","description":"The alias unique identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.\n"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.\n"},"description":{"type":"string","description":"The description of the organization.\n"},"domains":{"type":"array","items":{"$ref":"#/types/keycloak:index/OrganizationDomain:OrganizationDomain"},"description":"A list of domains.\n"},"enabled":{"type":"boolean","description":"Enable/disable this organization."},"name":{"type":"string","description":"The name of the organization.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm this organization exists in.\n","willReplaceOnChanges":true},"redirectUrl":{"type":"string","description":"The landing page after user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.\n"}},"requiredInputs":["realm"],"stateInputs":{"description":"Input properties used for looking up and filtering Organization resources.\n","properties":{"alias":{"type":"string","description":"The alias unique identifies the organization. Same as the name if not specified. The alias cannot be changed after the organization has been created.\n"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the group. In order to add multivalued attributes, use `##` to separate the values. Max length for each value is 255 chars.\n"},"description":{"type":"string","description":"The description of the organization.\n"},"domains":{"type":"array","items":{"$ref":"#/types/keycloak:index/OrganizationDomain:OrganizationDomain"},"description":"A list of domains.\n"},"enabled":{"type":"boolean","description":"Enable/disable this organization."},"name":{"type":"string","description":"The name of the organization.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The realm this organization exists in.\n","willReplaceOnChanges":true},"redirectUrl":{"type":"string","description":"The landing page after user completes registration or accepts an invitation to the organization. If left empty, the user will be redirected to the account console by default.\n"}},"type":"object"}},"keycloak:index/realm:Realm":{"description":"Allows for creating and managing Realms within Keycloak.\n\nA realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated\nfrom multiple sources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n displayName: \"my realm\",\n displayNameHtml: \"\u003cb\u003emy realm\u003c/b\u003e\",\n loginTheme: \"base\",\n accessCodeLifespan: \"1h\",\n sslRequired: \"external\",\n passwordPolicy: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes: {\n mycustomAttribute: \"myCustomValue\",\n },\n smtpServer: {\n host: \"smtp.example.com\",\n from: \"example@example.com\",\n auth: {\n username: \"tom\",\n password: \"password\",\n },\n },\n internationalization: {\n supportedLocales: [\n \"en\",\n \"de\",\n \"es\",\n ],\n defaultLocale: \"en\",\n },\n securityDefenses: {\n headers: {\n xFrameOptions: \"DENY\",\n contentSecurityPolicy: \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n contentSecurityPolicyReportOnly: \"\",\n xContentTypeOptions: \"nosniff\",\n xRobotsTag: \"none\",\n xXssProtection: \"1; mode=block\",\n strictTransportSecurity: \"max-age=31536000; includeSubDomains\",\n },\n bruteForceDetection: {\n permanentLockout: false,\n maxLoginFailures: 30,\n waitIncrementSeconds: 60,\n quickLoginCheckMilliSeconds: 1000,\n minimumQuickLoginWaitSeconds: 60,\n maxFailureWaitSeconds: 900,\n failureResetTimeSeconds: 43200,\n },\n },\n webAuthnPolicy: {\n relyingPartyEntityName: \"Example\",\n relyingPartyId: \"keycloak.example.com\",\n signatureAlgorithms: [\n \"ES256\",\n \"RS256\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True,\n display_name=\"my realm\",\n display_name_html=\"\u003cb\u003emy realm\u003c/b\u003e\",\n login_theme=\"base\",\n access_code_lifespan=\"1h\",\n ssl_required=\"external\",\n password_policy=\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n attributes={\n \"mycustomAttribute\": \"myCustomValue\",\n },\n smtp_server={\n \"host\": \"smtp.example.com\",\n \"from_\": \"example@example.com\",\n \"auth\": {\n \"username\": \"tom\",\n \"password\": \"password\",\n },\n },\n internationalization={\n \"supported_locales\": [\n \"en\",\n \"de\",\n \"es\",\n ],\n \"default_locale\": \"en\",\n },\n security_defenses={\n \"headers\": {\n \"x_frame_options\": \"DENY\",\n \"content_security_policy\": \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n \"content_security_policy_report_only\": \"\",\n \"x_content_type_options\": \"nosniff\",\n \"x_robots_tag\": \"none\",\n \"x_xss_protection\": \"1; mode=block\",\n \"strict_transport_security\": \"max-age=31536000; includeSubDomains\",\n },\n \"brute_force_detection\": {\n \"permanent_lockout\": False,\n \"max_login_failures\": 30,\n \"wait_increment_seconds\": 60,\n \"quick_login_check_milli_seconds\": 1000,\n \"minimum_quick_login_wait_seconds\": 60,\n \"max_failure_wait_seconds\": 900,\n \"failure_reset_time_seconds\": 43200,\n },\n },\n web_authn_policy={\n \"relying_party_entity_name\": \"Example\",\n \"relying_party_id\": \"keycloak.example.com\",\n \"signature_algorithms\": [\n \"ES256\",\n \"RS256\",\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n DisplayName = \"my realm\",\n DisplayNameHtml = \"\u003cb\u003emy realm\u003c/b\u003e\",\n LoginTheme = \"base\",\n AccessCodeLifespan = \"1h\",\n SslRequired = \"external\",\n PasswordPolicy = \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\",\n Attributes = \n {\n { \"mycustomAttribute\", \"myCustomValue\" },\n },\n SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs\n {\n Host = \"smtp.example.com\",\n From = \"example@example.com\",\n Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs\n {\n Username = \"tom\",\n Password = \"password\",\n },\n },\n Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs\n {\n SupportedLocales = new[]\n {\n \"en\",\n \"de\",\n \"es\",\n },\n DefaultLocale = \"en\",\n },\n SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs\n {\n Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs\n {\n XFrameOptions = \"DENY\",\n ContentSecurityPolicy = \"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\",\n ContentSecurityPolicyReportOnly = \"\",\n XContentTypeOptions = \"nosniff\",\n XRobotsTag = \"none\",\n XXssProtection = \"1; mode=block\",\n StrictTransportSecurity = \"max-age=31536000; includeSubDomains\",\n },\n BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs\n {\n PermanentLockout = false,\n MaxLoginFailures = 30,\n WaitIncrementSeconds = 60,\n QuickLoginCheckMilliSeconds = 1000,\n MinimumQuickLoginWaitSeconds = 60,\n MaxFailureWaitSeconds = 900,\n FailureResetTimeSeconds = 43200,\n },\n },\n WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs\n {\n RelyingPartyEntityName = \"Example\",\n RelyingPartyId = \"keycloak.example.com\",\n SignatureAlgorithms = new[]\n {\n \"ES256\",\n \"RS256\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tDisplayName: pulumi.String(\"my realm\"),\n\t\t\tDisplayNameHtml: pulumi.String(\"\u003cb\u003emy realm\u003c/b\u003e\"),\n\t\t\tLoginTheme: pulumi.String(\"base\"),\n\t\t\tAccessCodeLifespan: pulumi.String(\"1h\"),\n\t\t\tSslRequired: pulumi.String(\"external\"),\n\t\t\tPasswordPolicy: pulumi.String(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"mycustomAttribute\": pulumi.String(\"myCustomValue\"),\n\t\t\t},\n\t\t\tSmtpServer: \u0026keycloak.RealmSmtpServerArgs{\n\t\t\t\tHost: pulumi.String(\"smtp.example.com\"),\n\t\t\t\tFrom: pulumi.String(\"example@example.com\"),\n\t\t\t\tAuth: \u0026keycloak.RealmSmtpServerAuthArgs{\n\t\t\t\t\tUsername: pulumi.String(\"tom\"),\n\t\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInternationalization: \u0026keycloak.RealmInternationalizationArgs{\n\t\t\t\tSupportedLocales: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"en\"),\n\t\t\t\t\tpulumi.String(\"de\"),\n\t\t\t\t\tpulumi.String(\"es\"),\n\t\t\t\t},\n\t\t\t\tDefaultLocale: pulumi.String(\"en\"),\n\t\t\t},\n\t\t\tSecurityDefenses: \u0026keycloak.RealmSecurityDefensesArgs{\n\t\t\t\tHeaders: \u0026keycloak.RealmSecurityDefensesHeadersArgs{\n\t\t\t\t\tXFrameOptions: pulumi.String(\"DENY\"),\n\t\t\t\t\tContentSecurityPolicy: pulumi.String(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\"),\n\t\t\t\t\tContentSecurityPolicyReportOnly: pulumi.String(\"\"),\n\t\t\t\t\tXContentTypeOptions: pulumi.String(\"nosniff\"),\n\t\t\t\t\tXRobotsTag: pulumi.String(\"none\"),\n\t\t\t\t\tXXssProtection: pulumi.String(\"1; mode=block\"),\n\t\t\t\t\tStrictTransportSecurity: pulumi.String(\"max-age=31536000; includeSubDomains\"),\n\t\t\t\t},\n\t\t\t\tBruteForceDetection: \u0026keycloak.RealmSecurityDefensesBruteForceDetectionArgs{\n\t\t\t\t\tPermanentLockout: pulumi.Bool(false),\n\t\t\t\t\tMaxLoginFailures: pulumi.Int(30),\n\t\t\t\t\tWaitIncrementSeconds: pulumi.Int(60),\n\t\t\t\t\tQuickLoginCheckMilliSeconds: pulumi.Int(1000),\n\t\t\t\t\tMinimumQuickLoginWaitSeconds: pulumi.Int(60),\n\t\t\t\t\tMaxFailureWaitSeconds: pulumi.Int(900),\n\t\t\t\t\tFailureResetTimeSeconds: pulumi.Int(43200),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWebAuthnPolicy: \u0026keycloak.RealmWebAuthnPolicyArgs{\n\t\t\t\tRelyingPartyEntityName: pulumi.String(\"Example\"),\n\t\t\t\tRelyingPartyId: pulumi.String(\"keycloak.example.com\"),\n\t\t\t\tSignatureAlgorithms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ES256\"),\n\t\t\t\t\tpulumi.String(\"RS256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerArgs;\nimport com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;\nimport com.pulumi.keycloak.inputs.RealmInternationalizationArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;\nimport com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;\nimport com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .displayName(\"my realm\")\n .displayNameHtml(\"\u003cb\u003emy realm\u003c/b\u003e\")\n .loginTheme(\"base\")\n .accessCodeLifespan(\"1h\")\n .sslRequired(\"external\")\n .passwordPolicy(\"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\")\n .attributes(Map.of(\"mycustomAttribute\", \"myCustomValue\"))\n .smtpServer(RealmSmtpServerArgs.builder()\n .host(\"smtp.example.com\")\n .from(\"example@example.com\")\n .auth(RealmSmtpServerAuthArgs.builder()\n .username(\"tom\")\n .password(\"password\")\n .build())\n .build())\n .internationalization(RealmInternationalizationArgs.builder()\n .supportedLocales( \n \"en\",\n \"de\",\n \"es\")\n .defaultLocale(\"en\")\n .build())\n .securityDefenses(RealmSecurityDefensesArgs.builder()\n .headers(RealmSecurityDefensesHeadersArgs.builder()\n .xFrameOptions(\"DENY\")\n .contentSecurityPolicy(\"frame-src 'self'; frame-ancestors 'self'; object-src 'none';\")\n .contentSecurityPolicyReportOnly(\"\")\n .xContentTypeOptions(\"nosniff\")\n .xRobotsTag(\"none\")\n .xXssProtection(\"1; mode=block\")\n .strictTransportSecurity(\"max-age=31536000; includeSubDomains\")\n .build())\n .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()\n .permanentLockout(false)\n .maxLoginFailures(30)\n .waitIncrementSeconds(60)\n .quickLoginCheckMilliSeconds(1000)\n .minimumQuickLoginWaitSeconds(60)\n .maxFailureWaitSeconds(900)\n .failureResetTimeSeconds(43200)\n .build())\n .build())\n .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()\n .relyingPartyEntityName(\"Example\")\n .relyingPartyId(\"keycloak.example.com\")\n .signatureAlgorithms( \n \"ES256\",\n \"RS256\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n displayName: my realm\n displayNameHtml: \u003cb\u003emy realm\u003c/b\u003e\n loginTheme: base\n accessCodeLifespan: 1h\n sslRequired: external\n passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername\n attributes:\n mycustomAttribute: myCustomValue\n smtpServer:\n host: smtp.example.com\n from: example@example.com\n auth:\n username: tom\n password: password\n internationalization:\n supportedLocales:\n - en\n - de\n - es\n defaultLocale: en\n securityDefenses:\n headers:\n xFrameOptions: DENY\n contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';\n contentSecurityPolicyReportOnly: \"\"\n xContentTypeOptions: nosniff\n xRobotsTag: none\n xXssProtection: 1; mode=block\n strictTransportSecurity: max-age=31536000; includeSubDomains\n bruteForceDetection:\n permanentLockout: false\n maxLoginFailures: 30\n waitIncrementSeconds: 60\n quickLoginCheckMilliSeconds: 1000\n minimumQuickLoginWaitSeconds: 60\n maxFailureWaitSeconds: 900\n failureResetTimeSeconds: 43200\n webAuthnPolicy:\n relyingPartyEntityName: Example\n relyingPartyId: keycloak.example.com\n signatureAlgorithms:\n - ES256\n - RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Default Client Scopes\n\n- \u003cspan pulumi-lang-nodejs=\"`defaultDefaultClientScopes`\" pulumi-lang-dotnet=\"`DefaultDefaultClientScopes`\" pulumi-lang-go=\"`defaultDefaultClientScopes`\" pulumi-lang-python=\"`default_default_client_scopes`\" pulumi-lang-yaml=\"`defaultDefaultClientScopes`\" pulumi-lang-java=\"`defaultDefaultClientScopes`\"\u003e`default_default_client_scopes`\u003c/span\u003e - (Optional) A list of default `default client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `default client-scopes`. For an alternative, please refer to the dedicated resource \u003cspan pulumi-lang-nodejs=\"`keycloak.RealmDefaultClientScopes`\" pulumi-lang-dotnet=\"`keycloak.RealmDefaultClientScopes`\" pulumi-lang-go=\"`RealmDefaultClientScopes`\" pulumi-lang-python=\"`RealmDefaultClientScopes`\" pulumi-lang-yaml=\"`keycloak.RealmDefaultClientScopes`\" pulumi-lang-java=\"`keycloak.RealmDefaultClientScopes`\"\u003e`keycloak.RealmDefaultClientScopes`\u003c/span\u003e.\n- \u003cspan pulumi-lang-nodejs=\"`defaultOptionalClientScopes`\" pulumi-lang-dotnet=\"`DefaultOptionalClientScopes`\" pulumi-lang-go=\"`defaultOptionalClientScopes`\" pulumi-lang-python=\"`default_optional_client_scopes`\" pulumi-lang-yaml=\"`defaultOptionalClientScopes`\" pulumi-lang-java=\"`defaultOptionalClientScopes`\"\u003e`default_optional_client_scopes`\u003c/span\u003e - (Optional) A list of default `optional client scopes` to be used for client definitions. Defaults to `[]` or keycloak's built-in default `optional client-scopes`. For an alternative, please refer to the dedicated resource \u003cspan pulumi-lang-nodejs=\"`keycloak.RealmOptionalClientScopes`\" pulumi-lang-dotnet=\"`keycloak.RealmOptionalClientScopes`\" pulumi-lang-go=\"`RealmOptionalClientScopes`\" pulumi-lang-python=\"`RealmOptionalClientScopes`\" pulumi-lang-yaml=\"`keycloak.RealmOptionalClientScopes`\" pulumi-lang-java=\"`keycloak.RealmOptionalClientScopes`\"\u003e`keycloak.RealmOptionalClientScopes`\u003c/span\u003e.\n\n## Import\n\nRealms can be imported using their name.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm.realm my-realm\n```\n\n","properties":{"accessCodeLifespan":{"type":"string"},"accessCodeLifespanLogin":{"type":"string"},"accessCodeLifespanUserAction":{"type":"string"},"accessTokenLifespan":{"type":"string"},"accessTokenLifespanForImplicitFlow":{"type":"string"},"accountTheme":{"type":"string"},"actionTokenGeneratedByAdminLifespan":{"type":"string"},"actionTokenGeneratedByUserLifespan":{"type":"string"},"adminPermissionsEnabled":{"type":"boolean"},"adminTheme":{"type":"string"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of custom attributes to add to the realm.\n"},"browserFlow":{"type":"string","description":"Which flow should be used for BrowserFlow"},"clientAuthenticationFlow":{"type":"string","description":"Which flow should be used for ClientAuthenticationFlow"},"clientSessionIdleTimeout":{"type":"string"},"clientSessionMaxLifespan":{"type":"string"},"defaultDefaultClientScopes":{"type":"array","items":{"type":"string"}},"defaultOptionalClientScopes":{"type":"array","items":{"type":"string"}},"defaultSignatureAlgorithm":{"type":"string"},"directGrantFlow":{"type":"string","description":"Which flow should be used for DirectGrantFlow"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"displayNameHtml":{"type":"string","description":"The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n"},"dockerAuthenticationFlow":{"type":"string","description":"Which flow should be used for DockerAuthenticationFlow"},"duplicateEmailsAllowed":{"type":"boolean"},"editUsernameAllowed":{"type":"boolean"},"emailTheme":{"type":"string"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"firstBrokerLoginFlow":{"type":"string","description":"Which flow should be used for FirstBrokerLoginFlow"},"internalId":{"type":"string","description":"When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n"},"internationalization":{"$ref":"#/types/keycloak:index/RealmInternationalization:RealmInternationalization"},"loginTheme":{"type":"string"},"loginWithEmailAllowed":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"integer"},"offlineSessionIdleTimeout":{"type":"string"},"offlineSessionMaxLifespan":{"type":"string"},"offlineSessionMaxLifespanEnabled":{"type":"boolean"},"organizationsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, organization support is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"otpPolicy":{"$ref":"#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy"},"passwordPolicy":{"type":"string","description":"String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies can be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)\""},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n","language":{"csharp":{"name":"RealmName"}}},"refreshTokenMaxReuse":{"type":"integer"},"registrationAllowed":{"type":"boolean"},"registrationEmailAsUsername":{"type":"boolean"},"registrationFlow":{"type":"string","description":"Which flow should be used for RegistrationFlow"},"rememberMe":{"type":"boolean"},"resetCredentialsFlow":{"type":"string","description":"Which flow should be used for ResetCredentialsFlow"},"resetPasswordAllowed":{"type":"boolean"},"revokeRefreshToken":{"type":"boolean"},"securityDefenses":{"$ref":"#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses"},"smtpServer":{"$ref":"#/types/keycloak:index/RealmSmtpServer:RealmSmtpServer"},"sslRequired":{"type":"string","description":"SSL Required: Values can be 'none', 'external' or 'all'."},"ssoSessionIdleTimeout":{"type":"string"},"ssoSessionIdleTimeoutRememberMe":{"type":"string"},"ssoSessionMaxLifespan":{"type":"string"},"ssoSessionMaxLifespanRememberMe":{"type":"string"},"terraformDeletionProtection":{"type":"boolean","description":"When set to true, the realm cannot be deleted. Defaults to false.\n"},"userManagedAccess":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users are allowed to manage their own resources. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"verifyEmail":{"type":"boolean"},"webAuthnPasswordlessPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy"},"webAuthnPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy"}},"required":["accessCodeLifespan","accessCodeLifespanLogin","accessCodeLifespanUserAction","accessTokenLifespan","accessTokenLifespanForImplicitFlow","actionTokenGeneratedByAdminLifespan","actionTokenGeneratedByUserLifespan","browserFlow","clientAuthenticationFlow","clientSessionIdleTimeout","clientSessionMaxLifespan","directGrantFlow","dockerAuthenticationFlow","duplicateEmailsAllowed","editUsernameAllowed","firstBrokerLoginFlow","internalId","loginWithEmailAllowed","oauth2DeviceCodeLifespan","oauth2DevicePollingInterval","offlineSessionIdleTimeout","offlineSessionMaxLifespan","otpPolicy","realm","registrationAllowed","registrationEmailAsUsername","registrationFlow","rememberMe","resetCredentialsFlow","resetPasswordAllowed","ssoSessionIdleTimeout","ssoSessionIdleTimeoutRememberMe","ssoSessionMaxLifespan","ssoSessionMaxLifespanRememberMe","verifyEmail","webAuthnPasswordlessPolicy","webAuthnPolicy"],"inputProperties":{"accessCodeLifespan":{"type":"string"},"accessCodeLifespanLogin":{"type":"string"},"accessCodeLifespanUserAction":{"type":"string"},"accessTokenLifespan":{"type":"string"},"accessTokenLifespanForImplicitFlow":{"type":"string"},"accountTheme":{"type":"string"},"actionTokenGeneratedByAdminLifespan":{"type":"string"},"actionTokenGeneratedByUserLifespan":{"type":"string"},"adminPermissionsEnabled":{"type":"boolean"},"adminTheme":{"type":"string"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of custom attributes to add to the realm.\n"},"browserFlow":{"type":"string","description":"Which flow should be used for BrowserFlow"},"clientAuthenticationFlow":{"type":"string","description":"Which flow should be used for ClientAuthenticationFlow"},"clientSessionIdleTimeout":{"type":"string"},"clientSessionMaxLifespan":{"type":"string"},"defaultDefaultClientScopes":{"type":"array","items":{"type":"string"}},"defaultOptionalClientScopes":{"type":"array","items":{"type":"string"}},"defaultSignatureAlgorithm":{"type":"string"},"directGrantFlow":{"type":"string","description":"Which flow should be used for DirectGrantFlow"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"displayNameHtml":{"type":"string","description":"The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n"},"dockerAuthenticationFlow":{"type":"string","description":"Which flow should be used for DockerAuthenticationFlow"},"duplicateEmailsAllowed":{"type":"boolean"},"editUsernameAllowed":{"type":"boolean"},"emailTheme":{"type":"string"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"firstBrokerLoginFlow":{"type":"string","description":"Which flow should be used for FirstBrokerLoginFlow"},"internalId":{"type":"string","description":"When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n","willReplaceOnChanges":true},"internationalization":{"$ref":"#/types/keycloak:index/RealmInternationalization:RealmInternationalization"},"loginTheme":{"type":"string"},"loginWithEmailAllowed":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"integer"},"offlineSessionIdleTimeout":{"type":"string"},"offlineSessionMaxLifespan":{"type":"string"},"offlineSessionMaxLifespanEnabled":{"type":"boolean"},"organizationsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, organization support is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"otpPolicy":{"$ref":"#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy"},"passwordPolicy":{"type":"string","description":"String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies can be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)\""},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n","language":{"csharp":{"name":"RealmName"}},"willReplaceOnChanges":true},"refreshTokenMaxReuse":{"type":"integer"},"registrationAllowed":{"type":"boolean"},"registrationEmailAsUsername":{"type":"boolean"},"registrationFlow":{"type":"string","description":"Which flow should be used for RegistrationFlow"},"rememberMe":{"type":"boolean"},"resetCredentialsFlow":{"type":"string","description":"Which flow should be used for ResetCredentialsFlow"},"resetPasswordAllowed":{"type":"boolean"},"revokeRefreshToken":{"type":"boolean"},"securityDefenses":{"$ref":"#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses"},"smtpServer":{"$ref":"#/types/keycloak:index/RealmSmtpServer:RealmSmtpServer"},"sslRequired":{"type":"string","description":"SSL Required: Values can be 'none', 'external' or 'all'."},"ssoSessionIdleTimeout":{"type":"string"},"ssoSessionIdleTimeoutRememberMe":{"type":"string"},"ssoSessionMaxLifespan":{"type":"string"},"ssoSessionMaxLifespanRememberMe":{"type":"string"},"terraformDeletionProtection":{"type":"boolean","description":"When set to true, the realm cannot be deleted. Defaults to false.\n"},"userManagedAccess":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users are allowed to manage their own resources. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"verifyEmail":{"type":"boolean"},"webAuthnPasswordlessPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy"},"webAuthnPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy"}},"stateInputs":{"description":"Input properties used for looking up and filtering Realm resources.\n","properties":{"accessCodeLifespan":{"type":"string"},"accessCodeLifespanLogin":{"type":"string"},"accessCodeLifespanUserAction":{"type":"string"},"accessTokenLifespan":{"type":"string"},"accessTokenLifespanForImplicitFlow":{"type":"string"},"accountTheme":{"type":"string"},"actionTokenGeneratedByAdminLifespan":{"type":"string"},"actionTokenGeneratedByUserLifespan":{"type":"string"},"adminPermissionsEnabled":{"type":"boolean"},"adminTheme":{"type":"string"},"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of custom attributes to add to the realm.\n"},"browserFlow":{"type":"string","description":"Which flow should be used for BrowserFlow"},"clientAuthenticationFlow":{"type":"string","description":"Which flow should be used for ClientAuthenticationFlow"},"clientSessionIdleTimeout":{"type":"string"},"clientSessionMaxLifespan":{"type":"string"},"defaultDefaultClientScopes":{"type":"array","items":{"type":"string"}},"defaultOptionalClientScopes":{"type":"array","items":{"type":"string"}},"defaultSignatureAlgorithm":{"type":"string"},"directGrantFlow":{"type":"string","description":"Which flow should be used for DirectGrantFlow"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"displayNameHtml":{"type":"string","description":"The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.\n"},"dockerAuthenticationFlow":{"type":"string","description":"Which flow should be used for DockerAuthenticationFlow"},"duplicateEmailsAllowed":{"type":"boolean"},"editUsernameAllowed":{"type":"boolean"},"emailTheme":{"type":"string"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"firstBrokerLoginFlow":{"type":"string","description":"Which flow should be used for FirstBrokerLoginFlow"},"internalId":{"type":"string","description":"When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.\n","willReplaceOnChanges":true},"internationalization":{"$ref":"#/types/keycloak:index/RealmInternationalization:RealmInternationalization"},"loginTheme":{"type":"string"},"loginWithEmailAllowed":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"integer"},"offlineSessionIdleTimeout":{"type":"string"},"offlineSessionMaxLifespan":{"type":"string"},"offlineSessionMaxLifespanEnabled":{"type":"boolean"},"organizationsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, organization support is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"otpPolicy":{"$ref":"#/types/keycloak:index/RealmOtpPolicy:RealmOtpPolicy"},"passwordPolicy":{"type":"string","description":"String that represents the passwordPolicies that are in place. Each policy is separated with \" and \". Supported policies can be found in the server-info providers page. example: \"upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)\""},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.\n","language":{"csharp":{"name":"RealmName"}},"willReplaceOnChanges":true},"refreshTokenMaxReuse":{"type":"integer"},"registrationAllowed":{"type":"boolean"},"registrationEmailAsUsername":{"type":"boolean"},"registrationFlow":{"type":"string","description":"Which flow should be used for RegistrationFlow"},"rememberMe":{"type":"boolean"},"resetCredentialsFlow":{"type":"string","description":"Which flow should be used for ResetCredentialsFlow"},"resetPasswordAllowed":{"type":"boolean"},"revokeRefreshToken":{"type":"boolean"},"securityDefenses":{"$ref":"#/types/keycloak:index/RealmSecurityDefenses:RealmSecurityDefenses"},"smtpServer":{"$ref":"#/types/keycloak:index/RealmSmtpServer:RealmSmtpServer"},"sslRequired":{"type":"string","description":"SSL Required: Values can be 'none', 'external' or 'all'."},"ssoSessionIdleTimeout":{"type":"string"},"ssoSessionIdleTimeoutRememberMe":{"type":"string"},"ssoSessionMaxLifespan":{"type":"string"},"ssoSessionMaxLifespanRememberMe":{"type":"string"},"terraformDeletionProtection":{"type":"boolean","description":"When set to true, the realm cannot be deleted. Defaults to false.\n"},"userManagedAccess":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users are allowed to manage their own resources. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"verifyEmail":{"type":"boolean"},"webAuthnPasswordlessPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPasswordlessPolicy:RealmWebAuthnPasswordlessPolicy"},"webAuthnPolicy":{"$ref":"#/types/keycloak:index/RealmWebAuthnPolicy:RealmWebAuthnPolicy"}},"type":"object"}},"keycloak:index/realmClientPolicyProfile:RealmClientPolicyProfile":{"description":"Allows for managing Realm Client Policy Profiles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst profile = new keycloak.RealmClientPolicyProfile(\"profile\", {\n name: \"my-profile\",\n realmId: realm.id,\n executors: [\n {\n name: \"intent-client-bind-checker\",\n configuration: {\n \"auto-configure\": \"true\",\n },\n },\n {\n name: \"secure-session\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nprofile = keycloak.RealmClientPolicyProfile(\"profile\",\n name=\"my-profile\",\n realm_id=realm.id,\n executors=[\n {\n \"name\": \"intent-client-bind-checker\",\n \"configuration\": {\n \"auto-configure\": \"true\",\n },\n },\n {\n \"name\": \"secure-session\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var profile = new Keycloak.RealmClientPolicyProfile(\"profile\", new()\n {\n Name = \"my-profile\",\n RealmId = realm.Id,\n Executors = new[]\n {\n new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs\n {\n Name = \"intent-client-bind-checker\",\n Configuration = \n {\n { \"auto-configure\", \"true\" },\n },\n },\n new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs\n {\n Name = \"secure-session\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmClientPolicyProfile(ctx, \"profile\", \u0026keycloak.RealmClientPolicyProfileArgs{\n\t\t\tName: pulumi.String(\"my-profile\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tExecutors: keycloak.RealmClientPolicyProfileExecutorArray{\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfileExecutorArgs{\n\t\t\t\t\tName: pulumi.String(\"intent-client-bind-checker\"),\n\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\"auto-configure\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfileExecutorArgs{\n\t\t\t\t\tName: pulumi.String(\"secure-session\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmClientPolicyProfile;\nimport com.pulumi.keycloak.RealmClientPolicyProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmClientPolicyProfileExecutorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var profile = new RealmClientPolicyProfile(\"profile\", RealmClientPolicyProfileArgs.builder()\n .name(\"my-profile\")\n .realmId(realm.id())\n .executors( \n RealmClientPolicyProfileExecutorArgs.builder()\n .name(\"intent-client-bind-checker\")\n .configuration(Map.of(\"auto-configure\", \"true\"))\n .build(),\n RealmClientPolicyProfileExecutorArgs.builder()\n .name(\"secure-session\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n profile:\n type: keycloak:RealmClientPolicyProfile\n properties:\n name: my-profile\n realmId: ${realm.id}\n executors:\n - name: intent-client-bind-checker\n configuration:\n auto-configure: true\n - name: secure-session\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Attribute Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the attribute.\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm id.\n- \u003cspan pulumi-lang-nodejs=\"`executor`\" pulumi-lang-dotnet=\"`Executor`\" pulumi-lang-go=\"`executor`\" pulumi-lang-python=\"`executor`\" pulumi-lang-yaml=\"`executor`\" pulumi-lang-java=\"`executor`\"\u003e`executor`\u003c/span\u003e - (Optional) An ordered list of executors\n\n#### Executor Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the executor. NOTE! The executor needs to exist\n- \u003cspan pulumi-lang-nodejs=\"`configuration`\" pulumi-lang-dotnet=\"`Configuration`\" pulumi-lang-go=\"`configuration`\" pulumi-lang-python=\"`configuration`\" pulumi-lang-yaml=\"`configuration`\" pulumi-lang-java=\"`configuration`\"\u003e`configuration`\u003c/span\u003e - (Optional) - A map of configuration values\n\n## Import\n\nThis resource currently does not support importing.\n\n","properties":{"description":{"type":"string"},"executors":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfileExecutor:RealmClientPolicyProfileExecutor"}},"name":{"type":"string"},"realmId":{"type":"string"}},"required":["name","realmId"],"inputProperties":{"description":{"type":"string"},"executors":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfileExecutor:RealmClientPolicyProfileExecutor"}},"name":{"type":"string","willReplaceOnChanges":true},"realmId":{"type":"string"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmClientPolicyProfile resources.\n","properties":{"description":{"type":"string"},"executors":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfileExecutor:RealmClientPolicyProfileExecutor"}},"name":{"type":"string","willReplaceOnChanges":true},"realmId":{"type":"string"}},"type":"object"}},"keycloak:index/realmClientPolicyProfilePolicy:RealmClientPolicyProfilePolicy":{"description":"Allows for managing Realm Client Policy Profile Policies.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst profile = new keycloak.RealmClientPolicyProfile(\"profile\", {\n name: \"my-profile\",\n realmId: realm.id,\n description: \"Some desc\",\n executors: [\n {\n name: \"intent-client-bind-checker\",\n configuration: {\n \"auto-configure\": \"true\",\n },\n },\n {\n name: \"secret-rotation\",\n configuration: {\n \"expiration-period\": \"2505600\",\n \"rotated-expiration-period\": \"172800\",\n \"remaining-rotation-period\": \"864000\",\n },\n },\n ],\n});\nconst policy = new keycloak.RealmClientPolicyProfilePolicy(\"policy\", {\n name: \"my-profile\",\n realmId: realm.id,\n description: \"Some desc\",\n profiles: [profile.name],\n conditions: [\n {\n name: \"client-type\",\n configuration: {\n protocol: \"openid-connect\",\n },\n },\n {\n name: \"client-attributes\",\n configuration: {\n \"is-negative-logic\": \"false\",\n attributes: JSON.stringify([{\n key: \"test-key\",\n value: \"test-value\",\n }]),\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nprofile = keycloak.RealmClientPolicyProfile(\"profile\",\n name=\"my-profile\",\n realm_id=realm.id,\n description=\"Some desc\",\n executors=[\n {\n \"name\": \"intent-client-bind-checker\",\n \"configuration\": {\n \"auto-configure\": \"true\",\n },\n },\n {\n \"name\": \"secret-rotation\",\n \"configuration\": {\n \"expiration-period\": \"2505600\",\n \"rotated-expiration-period\": \"172800\",\n \"remaining-rotation-period\": \"864000\",\n },\n },\n ])\npolicy = keycloak.RealmClientPolicyProfilePolicy(\"policy\",\n name=\"my-profile\",\n realm_id=realm.id,\n description=\"Some desc\",\n profiles=[profile.name],\n conditions=[\n {\n \"name\": \"client-type\",\n \"configuration\": {\n \"protocol\": \"openid-connect\",\n },\n },\n {\n \"name\": \"client-attributes\",\n \"configuration\": {\n \"is-negative-logic\": \"false\",\n \"attributes\": json.dumps([{\n \"key\": \"test-key\",\n \"value\": \"test-value\",\n }]),\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var profile = new Keycloak.RealmClientPolicyProfile(\"profile\", new()\n {\n Name = \"my-profile\",\n RealmId = realm.Id,\n Description = \"Some desc\",\n Executors = new[]\n {\n new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs\n {\n Name = \"intent-client-bind-checker\",\n Configuration = \n {\n { \"auto-configure\", \"true\" },\n },\n },\n new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs\n {\n Name = \"secret-rotation\",\n Configuration = \n {\n { \"expiration-period\", \"2505600\" },\n { \"rotated-expiration-period\", \"172800\" },\n { \"remaining-rotation-period\", \"864000\" },\n },\n },\n },\n });\n\n var policy = new Keycloak.RealmClientPolicyProfilePolicy(\"policy\", new()\n {\n Name = \"my-profile\",\n RealmId = realm.Id,\n Description = \"Some desc\",\n Profiles = new[]\n {\n profile.Name,\n },\n Conditions = new[]\n {\n new Keycloak.Inputs.RealmClientPolicyProfilePolicyConditionArgs\n {\n Name = \"client-type\",\n Configuration = \n {\n { \"protocol\", \"openid-connect\" },\n },\n },\n new Keycloak.Inputs.RealmClientPolicyProfilePolicyConditionArgs\n {\n Name = \"client-attributes\",\n Configuration = \n {\n { \"is-negative-logic\", \"false\" },\n { \"attributes\", JsonSerializer.Serialize(new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"test-key\",\n [\"value\"] = \"test-value\",\n },\n }) },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprofile, err := keycloak.NewRealmClientPolicyProfile(ctx, \"profile\", \u0026keycloak.RealmClientPolicyProfileArgs{\n\t\t\tName: pulumi.String(\"my-profile\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"Some desc\"),\n\t\t\tExecutors: keycloak.RealmClientPolicyProfileExecutorArray{\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfileExecutorArgs{\n\t\t\t\t\tName: pulumi.String(\"intent-client-bind-checker\"),\n\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\"auto-configure\": pulumi.String(\"true\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfileExecutorArgs{\n\t\t\t\t\tName: pulumi.String(\"secret-rotation\"),\n\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\"expiration-period\": pulumi.String(\"2505600\"),\n\t\t\t\t\t\t\"rotated-expiration-period\": pulumi.String(\"172800\"),\n\t\t\t\t\t\t\"remaining-rotation-period\": pulumi.String(\"864000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]map[string]interface{}{\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"key\": \"test-key\",\n\t\t\t\t\"value\": \"test-value\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = keycloak.NewRealmClientPolicyProfilePolicy(ctx, \"policy\", \u0026keycloak.RealmClientPolicyProfilePolicyArgs{\n\t\t\tName: pulumi.String(\"my-profile\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"Some desc\"),\n\t\t\tProfiles: pulumi.StringArray{\n\t\t\t\tprofile.Name,\n\t\t\t},\n\t\t\tConditions: keycloak.RealmClientPolicyProfilePolicyConditionArray{\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfilePolicyConditionArgs{\n\t\t\t\t\tName: pulumi.String(\"client-type\"),\n\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\"protocol\": pulumi.String(\"openid-connect\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmClientPolicyProfilePolicyConditionArgs{\n\t\t\t\t\tName: pulumi.String(\"client-attributes\"),\n\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\"is-negative-logic\": pulumi.String(\"false\"),\n\t\t\t\t\t\t\"attributes\": pulumi.String(json0),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmClientPolicyProfile;\nimport com.pulumi.keycloak.RealmClientPolicyProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmClientPolicyProfileExecutorArgs;\nimport com.pulumi.keycloak.RealmClientPolicyProfilePolicy;\nimport com.pulumi.keycloak.RealmClientPolicyProfilePolicyArgs;\nimport com.pulumi.keycloak.inputs.RealmClientPolicyProfilePolicyConditionArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var profile = new RealmClientPolicyProfile(\"profile\", RealmClientPolicyProfileArgs.builder()\n .name(\"my-profile\")\n .realmId(realm.id())\n .description(\"Some desc\")\n .executors( \n RealmClientPolicyProfileExecutorArgs.builder()\n .name(\"intent-client-bind-checker\")\n .configuration(Map.of(\"auto-configure\", \"true\"))\n .build(),\n RealmClientPolicyProfileExecutorArgs.builder()\n .name(\"secret-rotation\")\n .configuration(Map.ofEntries(\n Map.entry(\"expiration-period\", \"2505600\"),\n Map.entry(\"rotated-expiration-period\", \"172800\"),\n Map.entry(\"remaining-rotation-period\", \"864000\")\n ))\n .build())\n .build());\n\n var policy = new RealmClientPolicyProfilePolicy(\"policy\", RealmClientPolicyProfilePolicyArgs.builder()\n .name(\"my-profile\")\n .realmId(realm.id())\n .description(\"Some desc\")\n .profiles(profile.name())\n .conditions( \n RealmClientPolicyProfilePolicyConditionArgs.builder()\n .name(\"client-type\")\n .configuration(Map.of(\"protocol\", \"openid-connect\"))\n .build(),\n RealmClientPolicyProfilePolicyConditionArgs.builder()\n .name(\"client-attributes\")\n .configuration(Map.ofEntries(\n Map.entry(\"is-negative-logic\", \"false\"),\n Map.entry(\"attributes\", serializeJson(\n jsonArray(jsonObject(\n jsonProperty(\"key\", \"test-key\"),\n jsonProperty(\"value\", \"test-value\")\n ))))\n ))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n profile:\n type: keycloak:RealmClientPolicyProfile\n properties:\n name: my-profile\n realmId: ${realm.id}\n description: Some desc\n executors:\n - name: intent-client-bind-checker\n configuration:\n auto-configure: 'true'\n - name: secret-rotation\n configuration:\n expiration-period: 2.5056e+06\n rotated-expiration-period: 172800\n remaining-rotation-period: 864000\n policy:\n type: keycloak:RealmClientPolicyProfilePolicy\n properties:\n name: my-profile\n realmId: ${realm.id}\n description: Some desc\n profiles:\n - ${profile.name}\n conditions:\n - name: client-type\n configuration:\n protocol: openid-connect\n - name: client-attributes\n configuration:\n is-negative-logic: false\n attributes:\n fn::toJSON:\n - key: test-key\n value: test-value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Attribute Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the attribute.\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm id.\n- \u003cspan pulumi-lang-nodejs=\"`condition`\" pulumi-lang-dotnet=\"`Condition`\" pulumi-lang-go=\"`condition`\" pulumi-lang-python=\"`condition`\" pulumi-lang-yaml=\"`condition`\" pulumi-lang-java=\"`condition`\"\u003e`condition`\u003c/span\u003e - (Optional) An ordered list of condition\n\n#### Condition Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the executor. NOTE! The executor needs to exist\n- \u003cspan pulumi-lang-nodejs=\"`configuration`\" pulumi-lang-dotnet=\"`Configuration`\" pulumi-lang-go=\"`configuration`\" pulumi-lang-python=\"`configuration`\" pulumi-lang-yaml=\"`configuration`\" pulumi-lang-java=\"`configuration`\"\u003e`configuration`\u003c/span\u003e - (Optional) - A map of configuration values\n\n## Import\n\nThis resource currently does not support importing.\n\n","properties":{"conditions":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfilePolicyCondition:RealmClientPolicyProfilePolicyCondition"}},"description":{"type":"string"},"enabled":{"type":"boolean"},"name":{"type":"string"},"profiles":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string"}},"required":["name","profiles","realmId"],"inputProperties":{"conditions":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfilePolicyCondition:RealmClientPolicyProfilePolicyCondition"}},"description":{"type":"string"},"enabled":{"type":"boolean"},"name":{"type":"string","willReplaceOnChanges":true},"profiles":{"type":"array","items":{"type":"string"},"willReplaceOnChanges":true},"realmId":{"type":"string"}},"requiredInputs":["profiles","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmClientPolicyProfilePolicy resources.\n","properties":{"conditions":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmClientPolicyProfilePolicyCondition:RealmClientPolicyProfilePolicyCondition"}},"description":{"type":"string"},"enabled":{"type":"boolean"},"name":{"type":"string","willReplaceOnChanges":true},"profiles":{"type":"array","items":{"type":"string"},"willReplaceOnChanges":true},"realmId":{"type":"string"}},"type":"object"}},"keycloak:index/realmDefaultClientScopes:RealmDefaultClientScopes":{"description":"Allows you to manage the set of default client scopes for a Keycloak realm, which are used when new clients are created.\n\nNote that this resource attempts to be an **authoritative** source over the default client scopes for a Keycloak realm,\nso any Keycloak defaults and manual adjustments will be overwritten.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst defaultScopes = new keycloak.RealmDefaultClientScopes(\"default_scopes\", {\n realmId: realm.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\ndefault_scopes = keycloak.RealmDefaultClientScopes(\"default_scopes\",\n realm_id=realm.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var defaultScopes = new Keycloak.RealmDefaultClientScopes(\"default_scopes\", new()\n {\n RealmId = realm.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmDefaultClientScopes(ctx, \"default_scopes\", \u0026keycloak.RealmDefaultClientScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.RealmDefaultClientScopes;\nimport com.pulumi.keycloak.RealmDefaultClientScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var defaultScopes = new RealmDefaultClientScopes(\"defaultScopes\", RealmDefaultClientScopesArgs.builder()\n .realmId(realm.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n defaultScopes:\n type: keycloak:RealmDefaultClientScopes\n name: default_scopes\n properties:\n realmId: ${realm.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n\n","properties":{"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of default client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n"}},"required":["defaultScopes","realmId"],"inputProperties":{"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of default client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["defaultScopes","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmDefaultClientScopes resources.\n","properties":{"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of default client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmEvents:RealmEvents":{"description":"Allows for managing Realm Events settings within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmEvents = new keycloak.RealmEvents(\"realm_events\", {\n realmId: realm.id,\n eventsEnabled: true,\n eventsExpiration: 3600,\n adminEventsEnabled: true,\n adminEventsDetailsEnabled: true,\n enabledEventTypes: [\n \"LOGIN\",\n \"LOGOUT\",\n ],\n eventsListeners: [\"jboss-logging\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_events = keycloak.RealmEvents(\"realm_events\",\n realm_id=realm.id,\n events_enabled=True,\n events_expiration=3600,\n admin_events_enabled=True,\n admin_events_details_enabled=True,\n enabled_event_types=[\n \"LOGIN\",\n \"LOGOUT\",\n ],\n events_listeners=[\"jboss-logging\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmEvents = new Keycloak.RealmEvents(\"realm_events\", new()\n {\n RealmId = realm.Id,\n EventsEnabled = true,\n EventsExpiration = 3600,\n AdminEventsEnabled = true,\n AdminEventsDetailsEnabled = true,\n EnabledEventTypes = new[]\n {\n \"LOGIN\",\n \"LOGOUT\",\n },\n EventsListeners = new[]\n {\n \"jboss-logging\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmEvents(ctx, \"realm_events\", \u0026keycloak.RealmEventsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEventsEnabled: pulumi.Bool(true),\n\t\t\tEventsExpiration: pulumi.Int(3600),\n\t\t\tAdminEventsEnabled: pulumi.Bool(true),\n\t\t\tAdminEventsDetailsEnabled: pulumi.Bool(true),\n\t\t\tEnabledEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"LOGIN\"),\n\t\t\t\tpulumi.String(\"LOGOUT\"),\n\t\t\t},\n\t\t\tEventsListeners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jboss-logging\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmEvents;\nimport com.pulumi.keycloak.RealmEventsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmEvents = new RealmEvents(\"realmEvents\", RealmEventsArgs.builder()\n .realmId(realm.id())\n .eventsEnabled(true)\n .eventsExpiration(3600)\n .adminEventsEnabled(true)\n .adminEventsDetailsEnabled(true)\n .enabledEventTypes( \n \"LOGIN\",\n \"LOGOUT\")\n .eventsListeners(\"jboss-logging\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmEvents:\n type: keycloak:RealmEvents\n name: realm_events\n properties:\n realmId: ${realm.id}\n eventsEnabled: true\n eventsExpiration: 3600\n adminEventsEnabled: true\n adminEventsDetailsEnabled: true # When omitted or left empty, keycloak will enable all event types\n enabledEventTypes:\n - LOGIN\n - LOGOUT\n eventsListeners:\n - jboss-logging\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n","properties":{"adminEventsDetailsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, saved admin events will included detailed information for create/update requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"adminEventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, admin events are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabledEventTypes":{"type":"array","items":{"type":"string"},"description":"The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n"},"eventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, events from \u003cspan pulumi-lang-nodejs=\"`enabledEventTypes`\" pulumi-lang-dotnet=\"`EnabledEventTypes`\" pulumi-lang-go=\"`enabledEventTypes`\" pulumi-lang-python=\"`enabled_event_types`\" pulumi-lang-yaml=\"`enabledEventTypes`\" pulumi-lang-java=\"`enabledEventTypes`\"\u003e`enabled_event_types`\u003c/span\u003e are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"eventsExpiration":{"type":"integer","description":"The amount of time in seconds events will be saved in the database. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e or never.\n"},"eventsListeners":{"type":"array","items":{"type":"string"},"description":"The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n"},"realmId":{"type":"string","description":"The name of the realm the event settings apply to.\n"}},"required":["realmId"],"inputProperties":{"adminEventsDetailsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, saved admin events will included detailed information for create/update requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"adminEventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, admin events are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabledEventTypes":{"type":"array","items":{"type":"string"},"description":"The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n"},"eventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, events from \u003cspan pulumi-lang-nodejs=\"`enabledEventTypes`\" pulumi-lang-dotnet=\"`EnabledEventTypes`\" pulumi-lang-go=\"`enabledEventTypes`\" pulumi-lang-python=\"`enabled_event_types`\" pulumi-lang-yaml=\"`enabledEventTypes`\" pulumi-lang-java=\"`enabledEventTypes`\"\u003e`enabled_event_types`\u003c/span\u003e are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"eventsExpiration":{"type":"integer","description":"The amount of time in seconds events will be saved in the database. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e or never.\n"},"eventsListeners":{"type":"array","items":{"type":"string"},"description":"The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n"},"realmId":{"type":"string","description":"The name of the realm the event settings apply to.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmEvents resources.\n","properties":{"adminEventsDetailsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, saved admin events will included detailed information for create/update requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"adminEventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, admin events are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabledEventTypes":{"type":"array","items":{"type":"string"},"description":"The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n"},"eventsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, events from \u003cspan pulumi-lang-nodejs=\"`enabledEventTypes`\" pulumi-lang-dotnet=\"`EnabledEventTypes`\" pulumi-lang-go=\"`enabledEventTypes`\" pulumi-lang-python=\"`enabled_event_types`\" pulumi-lang-yaml=\"`enabledEventTypes`\" pulumi-lang-java=\"`enabledEventTypes`\"\u003e`enabled_event_types`\u003c/span\u003e are saved to the database, making them available through the admin console. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"eventsExpiration":{"type":"integer","description":"The amount of time in seconds events will be saved in the database. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e or never.\n"},"eventsListeners":{"type":"array","items":{"type":"string"},"description":"The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n"},"realmId":{"type":"string","description":"The name of the realm the event settings apply to.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated":{"description":"Allows for creating and managing `aes-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\", {\n name: \"my-aes-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n secretSize: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_aes_generated = keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\",\n name=\"my-aes-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n secret_size=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\", new()\n {\n Name = \"my-aes-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n SecretSize = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreAesGenerated(ctx, \"keystore_aes_generated\", \u0026keycloak.RealmKeystoreAesGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-aes-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tSecretSize: pulumi.Int(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreAesGenerated;\nimport com.pulumi.keycloak.RealmKeystoreAesGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var keystoreAesGenerated = new RealmKeystoreAesGenerated(\"keystoreAesGenerated\", RealmKeystoreAesGeneratedArgs.builder()\n .name(\"my-aes-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .secretSize(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreAesGenerated:\n type: keycloak:RealmKeystoreAesGenerated\n name: keystore_aes_generated\n properties:\n name: my-aes-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n secretSize: 16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_aes_generated.keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"},"secretSize":{"type":"integer","description":"Size in bytes for the generated AES Key. Size 16 is for AES-128, Size 24 for AES-192 and Size 32 for AES-256. WARN: Bigger keys then 128 bits are not allowed on some JDK implementations. Defaults to \u003cspan pulumi-lang-nodejs=\"`16`\" pulumi-lang-dotnet=\"`16`\" pulumi-lang-go=\"`16`\" pulumi-lang-python=\"`16`\" pulumi-lang-yaml=\"`16`\" pulumi-lang-java=\"`16`\"\u003e`16`\u003c/span\u003e.\n"}},"required":["name","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true},"secretSize":{"type":"integer","description":"Size in bytes for the generated AES Key. Size 16 is for AES-128, Size 24 for AES-192 and Size 32 for AES-256. WARN: Bigger keys then 128 bits are not allowed on some JDK implementations. Defaults to \u003cspan pulumi-lang-nodejs=\"`16`\" pulumi-lang-dotnet=\"`16`\" pulumi-lang-go=\"`16`\" pulumi-lang-python=\"`16`\" pulumi-lang-yaml=\"`16`\" pulumi-lang-java=\"`16`\"\u003e`16`\u003c/span\u003e.\n"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreAesGenerated resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true},"secretSize":{"type":"integer","description":"Size in bytes for the generated AES Key. Size 16 is for AES-128, Size 24 for AES-192 and Size 32 for AES-256. WARN: Bigger keys then 128 bits are not allowed on some JDK implementations. Defaults to \u003cspan pulumi-lang-nodejs=\"`16`\" pulumi-lang-dotnet=\"`16`\" pulumi-lang-go=\"`16`\" pulumi-lang-python=\"`16`\" pulumi-lang-yaml=\"`16`\" pulumi-lang-java=\"`16`\"\u003e`16`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated":{"description":"Allows for creating and managing \u003cspan pulumi-lang-nodejs=\"`acdsaGenerated`\" pulumi-lang-dotnet=\"`AcdsaGenerated`\" pulumi-lang-go=\"`acdsaGenerated`\" pulumi-lang-python=\"`acdsa_generated`\" pulumi-lang-yaml=\"`acdsaGenerated`\" pulumi-lang-java=\"`acdsaGenerated`\"\u003e`acdsa_generated`\u003c/span\u003e Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\", {\n name: \"my-ecdsa-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n ellipticCurveKey: \"P-256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\",\n name=\"my-ecdsa-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n elliptic_curve_key=\"P-256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\", new()\n {\n Name = \"my-ecdsa-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n EllipticCurveKey = \"P-256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, \"keystore_ecdsa_generated\", \u0026keycloak.RealmKeystoreEcdsaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-ecdsa-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tEllipticCurveKey: pulumi.String(\"P-256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", RealmKeystoreEcdsaGeneratedArgs.builder()\n .name(\"my-ecdsa-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .ellipticCurveKey(\"P-256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreEcdsaGenerated:\n type: keycloak:RealmKeystoreEcdsaGenerated\n name: keystore_ecdsa_generated\n properties:\n name: my-ecdsa-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n ellipticCurveKey: P-256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_ecdsa_generated.keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"ellipticCurveKey":{"type":"string","description":"Elliptic Curve used in ECDSA. Defaults to `P-256`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"}},"required":["name","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"ellipticCurveKey":{"type":"string","description":"Elliptic Curve used in ECDSA. Defaults to `P-256`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreEcdsaGenerated resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"ellipticCurveKey":{"type":"string","description":"Elliptic Curve used in ECDSA. Defaults to `P-256`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated":{"description":"Allows for creating and managing `hmac-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\", {\n name: \"my-hmac-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"HS256\",\n secretSize: 64,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\",\n name=\"my-hmac-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"HS256\",\n secret_size=64)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\", new()\n {\n Name = \"my-hmac-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"HS256\",\n SecretSize = 64,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, \"keystore_hmac_generated\", \u0026keycloak.RealmKeystoreHmacGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-hmac-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"HS256\"),\n\t\t\tSecretSize: pulumi.Int(64),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreHmacGenerated;\nimport com.pulumi.keycloak.RealmKeystoreHmacGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var keystoreHmacGenerated = new RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", RealmKeystoreHmacGeneratedArgs.builder()\n .name(\"my-hmac-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"HS256\")\n .secretSize(64)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreHmacGenerated:\n type: keycloak:RealmKeystoreHmacGenerated\n name: keystore_hmac_generated\n properties:\n name: my-hmac-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: HS256\n secretSize: 64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_hmac_generated.keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `HS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"},"secretSize":{"type":"integer","description":"Size in bytes for the generated secret. Defaults to \u003cspan pulumi-lang-nodejs=\"`64`\" pulumi-lang-dotnet=\"`64`\" pulumi-lang-go=\"`64`\" pulumi-lang-python=\"`64`\" pulumi-lang-yaml=\"`64`\" pulumi-lang-java=\"`64`\"\u003e`64`\u003c/span\u003e.\n"}},"required":["name","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `HS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true},"secretSize":{"type":"integer","description":"Size in bytes for the generated secret. Defaults to \u003cspan pulumi-lang-nodejs=\"`64`\" pulumi-lang-dotnet=\"`64`\" pulumi-lang-go=\"`64`\" pulumi-lang-python=\"`64`\" pulumi-lang-yaml=\"`64`\" pulumi-lang-java=\"`64`\"\u003e`64`\u003c/span\u003e.\n"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreHmacGenerated resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `HS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true},"secretSize":{"type":"integer","description":"Size in bytes for the generated secret. Defaults to \u003cspan pulumi-lang-nodejs=\"`64`\" pulumi-lang-dotnet=\"`64`\" pulumi-lang-go=\"`64`\" pulumi-lang-python=\"`64`\" pulumi-lang-yaml=\"`64`\" pulumi-lang-java=\"`64`\"\u003e`64`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated":{"description":"Allows for creating and managing `java-keystore` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst javaKeystore = new keycloak.RealmKeystoreJavaGenerated(\"java_keystore\", {\n name: \"my-java-keystore\",\n realmId: realm.id,\n enabled: true,\n active: true,\n keystore: \"\u003cpath to your keystore\u003e\",\n keystorePassword: \"\u003cpassword for keystore\u003e\",\n keyAlias: \"\u003calias for the private key\u003e\",\n keyPassword: \"\u003cpassword for the private key\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\njava_keystore = keycloak.RealmKeystoreJavaGenerated(\"java_keystore\",\n name=\"my-java-keystore\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n keystore=\"\u003cpath to your keystore\u003e\",\n keystore_password=\"\u003cpassword for keystore\u003e\",\n key_alias=\"\u003calias for the private key\u003e\",\n key_password=\"\u003cpassword for the private key\u003e\",\n priority=100,\n algorithm=\"RS256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated(\"java_keystore\", new()\n {\n Name = \"my-java-keystore\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Keystore = \"\u003cpath to your keystore\u003e\",\n KeystorePassword = \"\u003cpassword for keystore\u003e\",\n KeyAlias = \"\u003calias for the private key\u003e\",\n KeyPassword = \"\u003cpassword for the private key\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, \"java_keystore\", \u0026keycloak.RealmKeystoreJavaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-java-keystore\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tKeystore: pulumi.String(\"\u003cpath to your keystore\u003e\"),\n\t\t\tKeystorePassword: pulumi.String(\"\u003cpassword for keystore\u003e\"),\n\t\t\tKeyAlias: pulumi.String(\"\u003calias for the private key\u003e\"),\n\t\t\tKeyPassword: pulumi.String(\"\u003cpassword for the private key\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreJavaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreJavaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var javaKeystore = new RealmKeystoreJavaGenerated(\"javaKeystore\", RealmKeystoreJavaGeneratedArgs.builder()\n .name(\"my-java-keystore\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .keystore(\"\u003cpath to your keystore\u003e\")\n .keystorePassword(\"\u003cpassword for keystore\u003e\")\n .keyAlias(\"\u003calias for the private key\u003e\")\n .keyPassword(\"\u003cpassword for the private key\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n javaKeystore:\n type: keycloak:RealmKeystoreJavaGenerated\n name: java_keystore\n properties:\n name: my-java-keystore\n realmId: ${realm.id}\n enabled: true\n active: true\n keystore: \u003cpath to your keystore\u003e\n keystorePassword: \u003cpassword for keystore\u003e\n keyAlias: \u003calias for the private key\u003e\n keyPassword: \u003cpassword for the private key\u003e\n priority: 100\n algorithm: RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_java_keystore.java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keyAlias":{"type":"string","description":"Alias for the private key.\n"},"keyPassword":{"type":"string","description":"Password for the private key.\n"},"keystore":{"type":"string","description":"Path to keys file on keycloak instance.\n"},"keystorePassword":{"type":"string","description":"Password for the keys.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"}},"required":["keyAlias","keyPassword","keystore","keystorePassword","name","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keyAlias":{"type":"string","description":"Alias for the private key.\n"},"keyPassword":{"type":"string","description":"Password for the private key.\n"},"keystore":{"type":"string","description":"Path to keys file on keycloak instance.\n"},"keystorePassword":{"type":"string","description":"Password for the keys.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["keyAlias","keyPassword","keystore","keystorePassword","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreJavaGenerated resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keyAlias":{"type":"string","description":"Alias for the private key.\n"},"keyPassword":{"type":"string","description":"Password for the private key.\n"},"keystore":{"type":"string","description":"Path to keys file on keycloak instance.\n"},"keystorePassword":{"type":"string","description":"Password for the keys.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmKeystoreRsa:RealmKeystoreRsa":{"description":"Allows for creating and managing \u003cspan pulumi-lang-nodejs=\"`rsa`\" pulumi-lang-dotnet=\"`Rsa`\" pulumi-lang-go=\"`rsa`\" pulumi-lang-python=\"`rsa`\" pulumi-lang-yaml=\"`rsa`\" pulumi-lang-java=\"`rsa`\"\u003e`rsa`\u003c/span\u003e Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsa = new keycloak.RealmKeystoreRsa(\"keystore_rsa\", {\n name: \"my-rsa-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n privateKey: \"\u003cyour rsa private key\u003e\",\n certificate: \"\u003cyour certificate\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n keystoreSize: 2048,\n providerId: \"rsa\",\n extraConfig: {\n kid: \"my-key-id\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa = keycloak.RealmKeystoreRsa(\"keystore_rsa\",\n name=\"my-rsa-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n private_key=\"\u003cyour rsa private key\u003e\",\n certificate=\"\u003cyour certificate\u003e\",\n priority=100,\n algorithm=\"RS256\",\n keystore_size=2048,\n provider_id=\"rsa\",\n extra_config={\n \"kid\": \"my-key-id\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsa = new Keycloak.RealmKeystoreRsa(\"keystore_rsa\", new()\n {\n Name = \"my-rsa-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n PrivateKey = \"\u003cyour rsa private key\u003e\",\n Certificate = \"\u003cyour certificate\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n KeystoreSize = 2048,\n ProviderId = \"rsa\",\n ExtraConfig = \n {\n { \"kid\", \"my-key-id\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsa(ctx, \"keystore_rsa\", \u0026keycloak.RealmKeystoreRsaArgs{\n\t\t\tName: pulumi.String(\"my-rsa-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPrivateKey: pulumi.String(\"\u003cyour rsa private key\u003e\"),\n\t\t\tCertificate: pulumi.String(\"\u003cyour certificate\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeystoreSize: 2048,\n\t\t\tProviderId: pulumi.String(\"rsa\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"kid\": pulumi.String(\"my-key-id\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsa;\nimport com.pulumi.keycloak.RealmKeystoreRsaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var keystoreRsa = new RealmKeystoreRsa(\"keystoreRsa\", RealmKeystoreRsaArgs.builder()\n .name(\"my-rsa-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .privateKey(\"\u003cyour rsa private key\u003e\")\n .certificate(\"\u003cyour certificate\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .keystoreSize(2048)\n .providerId(\"rsa\")\n .extraConfig(Map.of(\"kid\", \"my-key-id\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsa:\n type: keycloak:RealmKeystoreRsa\n name: keystore_rsa\n properties:\n name: my-rsa-key\n realmId: ${realm.id}\n enabled: true\n active: true\n privateKey: \u003cyour rsa private key\u003e\n certificate: \u003cyour certificate\u003e\n priority: 100\n algorithm: RS256\n keystoreSize: 2048\n providerId: rsa\n extraConfig:\n kid: my-key-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_rsa.keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`. Use `RSA-OAEP` for encryption keys\n"},"certificate":{"type":"string","description":"X509 Certificate encoded in PEM format.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like \u003cspan pulumi-lang-nodejs=\"`kid`\" pulumi-lang-dotnet=\"`Kid`\" pulumi-lang-go=\"`kid`\" pulumi-lang-python=\"`kid`\" pulumi-lang-yaml=\"`kid`\" pulumi-lang-java=\"`kid`\"\u003e`kid`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"privateKey":{"type":"string","description":"Private RSA Key encoded in PEM format.\n"},"providerId":{"type":"string","description":"Use \u003cspan pulumi-lang-nodejs=\"`rsa`\" pulumi-lang-dotnet=\"`Rsa`\" pulumi-lang-go=\"`rsa`\" pulumi-lang-python=\"`rsa`\" pulumi-lang-yaml=\"`rsa`\" pulumi-lang-java=\"`rsa`\"\u003e`rsa`\u003c/span\u003e for signing keys, `rsa-enc` for encryption keys\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"}},"required":["certificate","name","privateKey","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`. Use `RSA-OAEP` for encryption keys\n"},"certificate":{"type":"string","description":"X509 Certificate encoded in PEM format.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like \u003cspan pulumi-lang-nodejs=\"`kid`\" pulumi-lang-dotnet=\"`Kid`\" pulumi-lang-go=\"`kid`\" pulumi-lang-python=\"`kid`\" pulumi-lang-yaml=\"`kid`\" pulumi-lang-java=\"`kid`\"\u003e`kid`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"privateKey":{"type":"string","description":"Private RSA Key encoded in PEM format.\n"},"providerId":{"type":"string","description":"Use \u003cspan pulumi-lang-nodejs=\"`rsa`\" pulumi-lang-dotnet=\"`Rsa`\" pulumi-lang-go=\"`rsa`\" pulumi-lang-python=\"`rsa`\" pulumi-lang-yaml=\"`rsa`\" pulumi-lang-java=\"`rsa`\"\u003e`rsa`\u003c/span\u003e for signing keys, `rsa-enc` for encryption keys\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["certificate","privateKey","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreRsa resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`. Use `RSA-OAEP` for encryption keys\n"},"certificate":{"type":"string","description":"X509 Certificate encoded in PEM format.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like \u003cspan pulumi-lang-nodejs=\"`kid`\" pulumi-lang-dotnet=\"`Kid`\" pulumi-lang-go=\"`kid`\" pulumi-lang-python=\"`kid`\" pulumi-lang-yaml=\"`kid`\" pulumi-lang-java=\"`kid`\"\u003e`kid`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"privateKey":{"type":"string","description":"Private RSA Key encoded in PEM format.\n"},"providerId":{"type":"string","description":"Use \u003cspan pulumi-lang-nodejs=\"`rsa`\" pulumi-lang-dotnet=\"`Rsa`\" pulumi-lang-go=\"`rsa`\" pulumi-lang-python=\"`rsa`\" pulumi-lang-yaml=\"`rsa`\" pulumi-lang-java=\"`rsa`\"\u003e`rsa`\u003c/span\u003e for signing keys, `rsa-enc` for encryption keys\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated":{"description":"Allows for creating and managing `rsa-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\", {\n name: \"my-rsa-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"RS256\",\n keySize: 2048,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\",\n name=\"my-rsa-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"RS256\",\n key_size=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\", new()\n {\n Name = \"my-rsa-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"RS256\",\n KeySize = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, \"keystore_rsa_generated\", \u0026keycloak.RealmKeystoreRsaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-rsa-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeySize: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreRsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var keystoreRsaGenerated = new RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", RealmKeystoreRsaGeneratedArgs.builder()\n .name(\"my-rsa-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"RS256\")\n .keySize(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsaGenerated:\n type: keycloak:RealmKeystoreRsaGenerated\n name: keystore_rsa_generated\n properties:\n name: my-rsa-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: RS256\n keySize: 2048\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\n```bash\n$ terraform import keycloak_realm_keystore_rsa_generated.keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keySize":{"type":"integer","description":"Size for the generated keys. Defaults to \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n"}},"required":["name","realmId"],"inputProperties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keySize":{"type":"integer","description":"Size for the generated keys. Defaults to \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmKeystoreRsaGenerated resources.\n","properties":{"active":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key in not used for signing. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"algorithm":{"type":"string","description":"Intended algorithm for the key. Defaults to `RS256`\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, key is not accessible in this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"keySize":{"type":"integer","description":"Size for the generated keys. Defaults to \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e.\n"},"name":{"type":"string","description":"Display name of provider when linked in admin console.\n"},"priority":{"type":"integer","description":"Priority for the provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e\n"},"realmId":{"type":"string","description":"The realm this keystore exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmLocalization:RealmLocalization":{"description":"Allows for managing Realm Localization Text overrides within Keycloak.\n\nA localization resource defines a schema for representing a locale with a map of key/value pairs and how they are managed within a realm.\n\nNote: whilst you can provide localization texts for unsupported locales, they will not take effect until they are defined within the realm resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst germanTexts = new keycloak.RealmLocalization(\"german_texts\", {\n realmId: myRealm.id,\n locale: \"de\",\n texts: {\n Hello: \"Hallo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\ngerman_texts = keycloak.RealmLocalization(\"german_texts\",\n realm_id=my_realm[\"id\"],\n locale=\"de\",\n texts={\n \"Hello\": \"Hallo\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var germanTexts = new Keycloak.RealmLocalization(\"german_texts\", new()\n {\n RealmId = myRealm.Id,\n Locale = \"de\",\n Texts = \n {\n { \"Hello\", \"Hallo\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmLocalization(ctx, \"german_texts\", \u0026keycloak.RealmLocalizationArgs{\n\t\t\tRealmId: pulumi.Any(myRealm.Id),\n\t\t\tLocale: pulumi.String(\"de\"),\n\t\t\tTexts: pulumi.StringMap{\n\t\t\t\t\"Hello\": pulumi.String(\"Hallo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmLocalization;\nimport com.pulumi.keycloak.RealmLocalizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var germanTexts = new RealmLocalization(\"germanTexts\", RealmLocalizationArgs.builder()\n .realmId(myRealm.id())\n .locale(\"de\")\n .texts(Map.of(\"Hello\", \"Hallo\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n germanTexts:\n type: keycloak:RealmLocalization\n name: german_texts\n properties:\n realmId: ${myRealm.id}\n locale: de\n texts:\n Hello: Hallo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not currently support importing.\n\n","properties":{"locale":{"type":"string","description":"The locale (language code) the texts apply to.\n"},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n"},"texts":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of translation keys to values.\n"}},"required":["locale","realmId"],"inputProperties":{"locale":{"type":"string","description":"The locale (language code) the texts apply to.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n","willReplaceOnChanges":true},"texts":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of translation keys to values.\n"}},"requiredInputs":["locale","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmLocalization resources.\n","properties":{"locale":{"type":"string","description":"The locale (language code) the texts apply to.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n","willReplaceOnChanges":true},"texts":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of translation keys to values.\n"}},"type":"object"}},"keycloak:index/realmOptionalClientScopes:RealmOptionalClientScopes":{"description":"Allows you to manage the set of optional client scopes for a Keycloak realm, which are used when new clients are created.\n\nNote that this resource attempts to be an **authoritative** source over the optional client scopes for a Keycloak realm,\nso any Keycloak defaults and manual adjustments will be overwritten.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst optionalScopes = new keycloak.RealmOptionalClientScopes(\"optional_scopes\", {\n realmId: realm.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\noptional_scopes = keycloak.RealmOptionalClientScopes(\"optional_scopes\",\n realm_id=realm.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var optionalScopes = new Keycloak.RealmOptionalClientScopes(\"optional_scopes\", new()\n {\n RealmId = realm.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmOptionalClientScopes(ctx, \"optional_scopes\", \u0026keycloak.RealmOptionalClientScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tpulumi.String(\"microprofile-jwt\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.RealmOptionalClientScopes;\nimport com.pulumi.keycloak.RealmOptionalClientScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var optionalScopes = new RealmOptionalClientScopes(\"optionalScopes\", RealmOptionalClientScopesArgs.builder()\n .realmId(realm.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n optionalScopes:\n type: keycloak:RealmOptionalClientScopes\n name: optional_scopes\n properties:\n realmId: ${realm.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - microprofile-jwt\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n\n","properties":{"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of optional client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n"}},"required":["optionalScopes","realmId"],"inputProperties":{"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of optional client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["optionalScopes","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmOptionalClientScopes resources.\n","properties":{"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of optional client scope names that should be used when creating new Keycloak clients.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/realmUserProfile:RealmUserProfile":{"description":"Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\n\nInformation for Keycloak versions \u003c 24:\nThe realm linked to the \u003cspan pulumi-lang-nodejs=\"`keycloak.RealmUserProfile`\" pulumi-lang-dotnet=\"`keycloak.RealmUserProfile`\" pulumi-lang-go=\"`RealmUserProfile`\" pulumi-lang-python=\"`RealmUserProfile`\" pulumi-lang-yaml=\"`keycloak.RealmUserProfile`\" pulumi-lang-java=\"`keycloak.RealmUserProfile`\"\u003e`keycloak.RealmUserProfile`\u003c/span\u003e resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: myRealm.id,\n unmanagedAttributePolicy: \"ENABLED\",\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n multiValued: false,\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=my_realm[\"id\"],\n unmanaged_attribute_policy=\"ENABLED\",\n attributes=[\n {\n \"name\": \"field1\",\n \"display_name\": \"Field 1\",\n \"group\": \"group1\",\n \"multi_valued\": False,\n \"enabled_when_scopes\": [\"offline_access\"],\n \"required_for_roles\": [\"user\"],\n \"required_for_scopes\": [\"offline_access\"],\n \"permissions\": {\n \"views\": [\n \"admin\",\n \"user\",\n ],\n \"edits\": [\n \"admin\",\n \"user\",\n ],\n },\n \"validators\": [\n {\n \"name\": \"person-name-prohibited-characters\",\n },\n {\n \"name\": \"pattern\",\n \"config\": {\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n \"annotations\": {\n \"foo\": \"bar\",\n },\n },\n {\n \"name\": \"field2\",\n \"validators\": [{\n \"name\": \"options\",\n \"config\": {\n \"options\": json.dumps([\"opt1\"]),\n },\n }],\n \"annotations\": {\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n ],\n groups=[\n {\n \"name\": \"group1\",\n \"display_header\": \"Group 1\",\n \"display_description\": \"A first group\",\n \"annotations\": {\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n },\n {\n \"name\": \"group2\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = myRealm.Id,\n UnmanagedAttributePolicy = \"ENABLED\",\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n MultiValued = false,\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(myRealm.Id),\n\t\t\tUnmanagedAttributePolicy: pulumi.String(\"ENABLED\"),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tMultiValued: pulumi.Bool(false),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder()\n .realmId(myRealm.id())\n .unmanagedAttributePolicy(\"ENABLED\")\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .multiValued(false)\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${myRealm.id}\n unmanagedAttributePolicy: ENABLED\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n multiValued: false\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n","properties":{"attributes":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileAttribute:RealmUserProfileAttribute"},"description":"An ordered list of attributes.\n"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileGroup:RealmUserProfileGroup"},"description":"A list of groups.\n"},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n"},"unmanagedAttributePolicy":{"type":"string","description":"Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n"}},"required":["realmId"],"inputProperties":{"attributes":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileAttribute:RealmUserProfileAttribute"},"description":"An ordered list of attributes.\n"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileGroup:RealmUserProfileGroup"},"description":"A list of groups.\n"},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n","willReplaceOnChanges":true},"unmanagedAttributePolicy":{"type":"string","description":"Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RealmUserProfile resources.\n","properties":{"attributes":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileAttribute:RealmUserProfileAttribute"},"description":"An ordered list of attributes.\n"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:index/RealmUserProfileGroup:RealmUserProfileGroup"},"description":"A list of groups.\n"},"realmId":{"type":"string","description":"The ID of the realm the user profile applies to.\n","willReplaceOnChanges":true},"unmanagedAttributePolicy":{"type":"string","description":"Unmanaged attributes are user attributes not explicitly defined in the user profile configuration. By default, unmanaged attributes are not enabled. Value could be one of `DISABLED`, `ENABLED`, `ADMIN_EDIT` or `ADMIN_VIEW`. If value is not specified it means `DISABLED`\n"}},"type":"object"}},"keycloak:index/requiredAction:RequiredAction":{"description":"Allows for creating and managing required actions within Keycloak.\n\n[Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst requiredAction = new keycloak.RequiredAction(\"required_action\", {\n realmId: realm.realm,\n alias: \"UPDATE_PASSWORD\",\n enabled: true,\n name: \"Update Password\",\n config: {\n max_auth_age: \"600\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrequired_action = keycloak.RequiredAction(\"required_action\",\n realm_id=realm.realm,\n alias=\"UPDATE_PASSWORD\",\n enabled=True,\n name=\"Update Password\",\n config={\n \"max_auth_age\": \"600\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var requiredAction = new Keycloak.RequiredAction(\"required_action\", new()\n {\n RealmId = realm.RealmName,\n Alias = \"UPDATE_PASSWORD\",\n Enabled = true,\n Name = \"Update Password\",\n Config = \n {\n { \"max_auth_age\", \"600\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRequiredAction(ctx, \"required_action\", \u0026keycloak.RequiredActionArgs{\n\t\t\tRealmId: realm.Realm,\n\t\t\tAlias: pulumi.String(\"UPDATE_PASSWORD\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"Update Password\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"max_auth_age\": pulumi.String(\"600\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RequiredAction;\nimport com.pulumi.keycloak.RequiredActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var requiredAction = new RequiredAction(\"requiredAction\", RequiredActionArgs.builder()\n .realmId(realm.realm())\n .alias(\"UPDATE_PASSWORD\")\n .enabled(true)\n .name(\"Update Password\")\n .config(Map.of(\"max_auth_age\", \"600\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n requiredAction:\n type: keycloak:RequiredAction\n name: required_action\n properties:\n realmId: ${realm.realm}\n alias: UPDATE_PASSWORD\n enabled: true\n name: Update Password\n config:\n max_auth_age: '600'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Keycloak built-in required actions\n\n| Alias | Description | Class\n|-----------------------------------|---------------------------------------------|-----------------------------\n| `CONFIGURE_RECOVERY_AUTHN_CODES` | Configure recovery authentication codes | [RecoveryAuthnCodesAction](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/RecoveryAuthnCodesAction.html)\n| `CONFIGURE_TOTP` | Require user to configure 2FA (TOTP) | [UpdateTotp](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/UpdateTotp.html)\n| \u003cspan pulumi-lang-nodejs=\"`deleteAccount`\" pulumi-lang-dotnet=\"`DeleteAccount`\" pulumi-lang-go=\"`deleteAccount`\" pulumi-lang-python=\"`delete_account`\" pulumi-lang-yaml=\"`deleteAccount`\" pulumi-lang-java=\"`deleteAccount`\"\u003e`delete_account`\u003c/span\u003e | Allow user to delete their account | [DeleteAccount](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/DeleteAccount.html)\n| \u003cspan pulumi-lang-nodejs=\"`deleteCredential`\" pulumi-lang-dotnet=\"`DeleteCredential`\" pulumi-lang-go=\"`deleteCredential`\" pulumi-lang-python=\"`delete_credential`\" pulumi-lang-yaml=\"`deleteCredential`\" pulumi-lang-java=\"`deleteCredential`\"\u003e`delete_credential`\u003c/span\u003e | Allow user to delete a credential |\n| \u003cspan pulumi-lang-nodejs=\"`idpLink`\" pulumi-lang-dotnet=\"`IdpLink`\" pulumi-lang-go=\"`idpLink`\" pulumi-lang-python=\"`idp_link`\" pulumi-lang-yaml=\"`idpLink`\" pulumi-lang-java=\"`idpLink`\"\u003e`idp_link`\u003c/span\u003e | Link account with identity provider |\n| `TERMS_AND_CONDITIONS` | Require user to accept terms and conditions | [TermsAndConditions](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/TermsAndConditions.html)\n| `UPDATE_PASSWORD` | Prompt user to update their password | [UpdatePassword](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/UpdatePassword.html)\n| `UPDATE_PROFILE` | Prompt user to update their profile | [UpdateProfile](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/UpdateProfile.html)\n| \u003cspan pulumi-lang-nodejs=\"`updateUserLocale`\" pulumi-lang-dotnet=\"`UpdateUserLocale`\" pulumi-lang-go=\"`updateUserLocale`\" pulumi-lang-python=\"`update_user_locale`\" pulumi-lang-yaml=\"`updateUserLocale`\" pulumi-lang-java=\"`updateUserLocale`\"\u003e`update_user_locale`\u003c/span\u003e | Prompt user to set or update their locale | [UpdateUserLocaleAction](https://www.keycloak.org/docs-api/21.0.2/javadocs/org/keycloak/authentication/requiredactions/UpdateUserLocaleAction.html)\n| `VERIFY_EMAIL` | Require user to verify their email address | [VerifyEmail](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/VerifyEmail.html)\n| `VERIFY_PROFILE` | Verify user profile information | [VerifyUserProfile](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/authentication/requiredactions/VerifyUserProfile.html)\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realm}}/{{alias}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_required_action.required_action my-realm/my-default-action-alias\n```\n\n","properties":{"alias":{"type":"string","description":"The alias of the action to attach as a required action. Case sensitive.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable required action and not checked when applying.\n"},"defaultAction":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the required action is set as the default action for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, the required action is not enabled for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The name of the required action to use in the UI.\n"},"priority":{"type":"integer","description":"An integer to specify the running order of required actions with lower numbers meaning higher precedence.\n"},"realmId":{"type":"string","description":"The realm the required action exists in.\n"}},"required":["alias","name","priority","realmId"],"inputProperties":{"alias":{"type":"string","description":"The alias of the action to attach as a required action. Case sensitive.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable required action and not checked when applying.\n"},"defaultAction":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the required action is set as the default action for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, the required action is not enabled for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The name of the required action to use in the UI.\n"},"priority":{"type":"integer","description":"An integer to specify the running order of required actions with lower numbers meaning higher precedence.\n"},"realmId":{"type":"string","description":"The realm the required action exists in.\n"}},"requiredInputs":["alias","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering RequiredAction resources.\n","properties":{"alias":{"type":"string","description":"The alias of the action to attach as a required action. Case sensitive.\n"},"config":{"type":"object","additionalProperties":{"type":"string"},"description":"The configuration. Keys are specific to each configurable required action and not checked when applying.\n"},"defaultAction":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the required action is set as the default action for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, the required action is not enabled for new users. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The name of the required action to use in the UI.\n"},"priority":{"type":"integer","description":"An integer to specify the running order of required actions with lower numbers meaning higher precedence.\n"},"realmId":{"type":"string","description":"The realm the required action exists in.\n"}},"type":"object"}},"keycloak:index/role:Role":{"description":"Allows for creating and managing roles within Keycloak.\n\nRoles allow you to define privileges within Keycloak and map them to users and groups.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n attributes: {\n key: \"value\",\n multivalue: \"value1##value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\",\n attributes={\n \"key\": \"value\",\n \"multivalue\": \"value1##value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n { \"multivalue\", \"value1##value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .attributes(Map.ofEntries(\n Map.entry(\"key\", \"value\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n attributes:\n key: value\n multivalue: value1##value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Composite Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// realm roles\nconst createRole = new keycloak.Role(\"create_role\", {\n realmId: realm.id,\n name: \"create\",\n attributes: {\n key: \"value\",\n },\n});\nconst readRole = new keycloak.Role(\"read_role\", {\n realmId: realm.id,\n name: \"read\",\n attributes: {\n key: \"value\",\n },\n});\nconst updateRole = new keycloak.Role(\"update_role\", {\n realmId: realm.id,\n name: \"update\",\n attributes: {\n key: \"value\",\n },\n});\nconst deleteRole = new keycloak.Role(\"delete_role\", {\n realmId: realm.id,\n name: \"delete\",\n attributes: {\n key: \"value\",\n },\n});\n// client role\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: openidClientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n attributes: {\n key: \"value\",\n },\n});\nconst adminRole = new keycloak.Role(\"admin_role\", {\n realmId: realm.id,\n name: \"admin\",\n compositeRoles: [\n createRole.id,\n readRole.id,\n updateRole.id,\n deleteRole.id,\n clientRole.id,\n ],\n attributes: {\n key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# realm roles\ncreate_role = keycloak.Role(\"create_role\",\n realm_id=realm.id,\n name=\"create\",\n attributes={\n \"key\": \"value\",\n })\nread_role = keycloak.Role(\"read_role\",\n realm_id=realm.id,\n name=\"read\",\n attributes={\n \"key\": \"value\",\n })\nupdate_role = keycloak.Role(\"update_role\",\n realm_id=realm.id,\n name=\"update\",\n attributes={\n \"key\": \"value\",\n })\ndelete_role = keycloak.Role(\"delete_role\",\n realm_id=realm.id,\n name=\"delete\",\n attributes={\n \"key\": \"value\",\n })\n# client role\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=openid_client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\",\n attributes={\n \"key\": \"value\",\n })\nadmin_role = keycloak.Role(\"admin_role\",\n realm_id=realm.id,\n name=\"admin\",\n composite_roles=[\n create_role.id,\n read_role.id,\n update_role.id,\n delete_role.id,\n client_role.id,\n ],\n attributes={\n \"key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // realm roles\n var createRole = new Keycloak.Role(\"create_role\", new()\n {\n RealmId = realm.Id,\n Name = \"create\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var readRole = new Keycloak.Role(\"read_role\", new()\n {\n RealmId = realm.Id,\n Name = \"read\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var updateRole = new Keycloak.Role(\"update_role\", new()\n {\n RealmId = realm.Id,\n Name = \"update\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var deleteRole = new Keycloak.Role(\"delete_role\", new()\n {\n RealmId = realm.Id,\n Name = \"delete\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n // client role\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n var adminRole = new Keycloak.Role(\"admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"admin\",\n CompositeRoles = new[]\n {\n createRole.Id,\n readRole.Id,\n updateRole.Id,\n deleteRole.Id,\n clientRole.Id,\n },\n Attributes = \n {\n { \"key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// realm roles\n\t\tcreateRole, err := keycloak.NewRole(ctx, \"create_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"create\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treadRole, err := keycloak.NewRole(ctx, \"read_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tupdateRole, err := keycloak.NewRole(ctx, \"update_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"update\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeleteRole, err := keycloak.NewRole(ctx, \"delete_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"delete\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client role\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(openidClientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"admin\"),\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tcreateRole.ID(),\n\t\t\t\treadRole.ID(),\n\t\t\t\tupdateRole.ID(),\n\t\t\t\tdeleteRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // realm roles\n var createRole = new Role(\"createRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"create\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"read\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"update\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"delete\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n // client role\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(openidClientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"admin\")\n .compositeRoles( \n createRole.id(),\n readRole.id(),\n updateRole.id(),\n deleteRole.id(),\n clientRole.id())\n .attributes(Map.of(\"key\", \"value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # realm roles\n createRole:\n type: keycloak:Role\n name: create_role\n properties:\n realmId: ${realm.id}\n name: create\n attributes:\n key: value\n readRole:\n type: keycloak:Role\n name: read_role\n properties:\n realmId: ${realm.id}\n name: read\n attributes:\n key: value\n updateRole:\n type: keycloak:Role\n name: update_role\n properties:\n realmId: ${realm.id}\n name: update\n attributes:\n key: value\n deleteRole:\n type: keycloak:Role\n name: delete_role\n properties:\n realmId: ${realm.id}\n name: delete\n attributes:\n key: value\n # client role\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${openidClientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n attributes:\n key: value\n adminRole:\n type: keycloak:Role\n name: admin_role\n properties:\n realmId: ${realm.id}\n name: admin\n compositeRoles:\n - ${createRole.id}\n - ${readRole.id}\n - ${updateRole.id}\n - ${deleteRole.id}\n - ${clientRole.id}\n attributes:\n key: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where \u003cspan pulumi-lang-nodejs=\"`roleId`\" pulumi-lang-dotnet=\"`RoleId`\" pulumi-lang-go=\"`roleId`\" pulumi-lang-python=\"`role_id`\" pulumi-lang-yaml=\"`roleId`\" pulumi-lang-java=\"`roleId`\"\u003e`role_id`\u003c/span\u003e is the unique ID that Keycloak assigns\nto the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role.\n\nExample:\n\n```bash\n$ terraform import keycloak_role.role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"clientId":{"type":"string","description":"When specified, this role will be created as a client role attached to the client with the provided ID\n"},"compositeRoles":{"type":"array","items":{"type":"string"},"description":"When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n"},"description":{"type":"string","description":"The description of the role\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the role with the specified \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The name of the role\n"},"realmId":{"type":"string","description":"The realm this role exists within.\n"}},"required":["attributes","compositeRoles","description","name","realmId"],"inputProperties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"clientId":{"type":"string","description":"When specified, this role will be created as a client role attached to the client with the provided ID\n","willReplaceOnChanges":true},"compositeRoles":{"type":"array","items":{"type":"string"},"description":"When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n"},"description":{"type":"string","description":"The description of the role\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the role with the specified \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the role\n"},"realmId":{"type":"string","description":"The realm this role exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Role resources.\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the role. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"clientId":{"type":"string","description":"When specified, this role will be created as a client role attached to the client with the provided ID\n","willReplaceOnChanges":true},"compositeRoles":{"type":"array","items":{"type":"string"},"description":"When specified, this role will be a composite role, composed of all roles that have an ID present within this list.\n"},"description":{"type":"string","description":"The description of the role\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the role with the specified \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with roles that Keycloak creates automatically during realm creation, such as the client roles `create-client`, `view-realm`, ... for the client `realm-management` created per realm. Note, that the role will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the role\n"},"realmId":{"type":"string","description":"The realm this role exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/user:User":{"description":"Allows for creating and managing Users within Keycloak.\n\nThis resource was created primarily to enable the acceptance tests for the \u003cspan pulumi-lang-nodejs=\"`keycloak.Group`\" pulumi-lang-dotnet=\"`keycloak.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`keycloak.Group`\" pulumi-lang-java=\"`keycloak.Group`\"\u003e`keycloak.Group`\u003c/span\u003e resource. Creating users within\nKeycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers\nor identity providers.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userWithInitialPassword = new keycloak.User(\"user_with_initial_password\", {\n realmId: realm.id,\n username: \"alice\",\n enabled: true,\n email: \"alice@domain.com\",\n firstName: \"Alice\",\n lastName: \"Aliceberg\",\n attributes: {\n foo: \"bar\",\n multivalue: \"value1##value2\",\n },\n initialPassword: {\n value: \"some password\",\n temporary: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_with_initial_password = keycloak.User(\"user_with_initial_password\",\n realm_id=realm.id,\n username=\"alice\",\n enabled=True,\n email=\"alice@domain.com\",\n first_name=\"Alice\",\n last_name=\"Aliceberg\",\n attributes={\n \"foo\": \"bar\",\n \"multivalue\": \"value1##value2\",\n },\n initial_password={\n \"value\": \"some password\",\n \"temporary\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userWithInitialPassword = new Keycloak.User(\"user_with_initial_password\", new()\n {\n RealmId = realm.Id,\n Username = \"alice\",\n Enabled = true,\n Email = \"alice@domain.com\",\n FirstName = \"Alice\",\n LastName = \"Aliceberg\",\n Attributes = \n {\n { \"foo\", \"bar\" },\n { \"multivalue\", \"value1##value2\" },\n },\n InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs\n {\n Value = \"some password\",\n Temporary = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user_with_initial_password\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"alice@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tLastName: pulumi.String(\"Aliceberg\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\"multivalue\": pulumi.String(\"value1##value2\"),\n\t\t\t},\n\t\t\tInitialPassword: \u0026keycloak.UserInitialPasswordArgs{\n\t\t\t\tValue: pulumi.String(\"some password\"),\n\t\t\t\tTemporary: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.inputs.UserInitialPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userWithInitialPassword = new User(\"userWithInitialPassword\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"alice\")\n .enabled(true)\n .email(\"alice@domain.com\")\n .firstName(\"Alice\")\n .lastName(\"Aliceberg\")\n .attributes(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"multivalue\", \"value1##value2\")\n ))\n .initialPassword(UserInitialPasswordArgs.builder()\n .value(\"some password\")\n .temporary(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userWithInitialPassword:\n type: keycloak:User\n name: user_with_initial_password\n properties:\n realmId: ${realm.id}\n username: alice\n enabled: true\n email: alice@domain.com\n firstName: Alice\n lastName: Aliceberg\n attributes:\n foo: bar\n multivalue: value1##value2\n initialPassword:\n value: some password\n temporary: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsers can be imported using the format `{{realm_id}}/{{user_id}}`, where \u003cspan pulumi-lang-nodejs=\"`userId`\" pulumi-lang-dotnet=\"`UserId`\" pulumi-lang-go=\"`userId`\" pulumi-lang-python=\"`user_id`\" pulumi-lang-yaml=\"`userId`\" pulumi-lang-java=\"`userId`\"\u003e`user_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the user upon creation. This value can be found in the GUI when editing the user.\n\nExample:\n\n```bash\n$ terraform import keycloak_user.user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4\n```\n\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"email":{"type":"string","description":"The user's email.\n"},"emailVerified":{"type":"boolean","description":"Whether the email address was validated or not. Default to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When false, this user cannot log in. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"federatedIdentities":{"type":"array","items":{"$ref":"#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity"},"description":"When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n"},"firstName":{"type":"string","description":"The user's first name.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the user with the specified \u003cspan pulumi-lang-nodejs=\"`username`\" pulumi-lang-dotnet=\"`Username`\" pulumi-lang-go=\"`username`\" pulumi-lang-python=\"`username`\" pulumi-lang-yaml=\"`username`\" pulumi-lang-java=\"`username`\"\u003e`username`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`admin`\" pulumi-lang-dotnet=\"`Admin`\" pulumi-lang-go=\"`admin`\" pulumi-lang-python=\"`admin`\" pulumi-lang-yaml=\"`admin`\" pulumi-lang-java=\"`admin`\"\u003e`admin`\u003c/span\u003e. Note, that the user will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"initialPassword":{"$ref":"#/types/keycloak:index/UserInitialPassword:UserInitialPassword","description":"When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n"},"lastName":{"type":"string","description":"The user's last name.\n"},"realmId":{"type":"string","description":"The realm this user belongs to.\n"},"requiredActions":{"type":"array","items":{"type":"string"},"description":"A list of required user actions.\n"},"username":{"type":"string","description":"The unique username of this user.\n"}},"required":["realmId","username"],"inputProperties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"email":{"type":"string","description":"The user's email.\n"},"emailVerified":{"type":"boolean","description":"Whether the email address was validated or not. Default to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When false, this user cannot log in. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"federatedIdentities":{"type":"array","items":{"$ref":"#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity"},"description":"When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n"},"firstName":{"type":"string","description":"The user's first name.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the user with the specified \u003cspan pulumi-lang-nodejs=\"`username`\" pulumi-lang-dotnet=\"`Username`\" pulumi-lang-go=\"`username`\" pulumi-lang-python=\"`username`\" pulumi-lang-yaml=\"`username`\" pulumi-lang-java=\"`username`\"\u003e`username`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`admin`\" pulumi-lang-dotnet=\"`Admin`\" pulumi-lang-go=\"`admin`\" pulumi-lang-python=\"`admin`\" pulumi-lang-yaml=\"`admin`\" pulumi-lang-java=\"`admin`\"\u003e`admin`\u003c/span\u003e. Note, that the user will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"initialPassword":{"$ref":"#/types/keycloak:index/UserInitialPassword:UserInitialPassword","description":"When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n"},"lastName":{"type":"string","description":"The user's last name.\n"},"realmId":{"type":"string","description":"The realm this user belongs to.\n","willReplaceOnChanges":true},"requiredActions":{"type":"array","items":{"type":"string"},"description":"A list of required user actions.\n"},"username":{"type":"string","description":"The unique username of this user.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId","username"],"stateInputs":{"description":"Input properties used for looking up and filtering User resources.\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"},"description":"A map representing attributes for the user. In order to add multivalue attributes, use `##` to seperate the values. Max length for each value is 255 chars\n"},"email":{"type":"string","description":"The user's email.\n"},"emailVerified":{"type":"boolean","description":"Whether the email address was validated or not. Default to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When false, this user cannot log in. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"federatedIdentities":{"type":"array","items":{"$ref":"#/types/keycloak:index/UserFederatedIdentity:UserFederatedIdentity"},"description":"When specified, the user will be linked to a federated identity provider. Refer to the federated user example for more details.\n"},"firstName":{"type":"string","description":"The user's first name.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the user with the specified \u003cspan pulumi-lang-nodejs=\"`username`\" pulumi-lang-dotnet=\"`Username`\" pulumi-lang-go=\"`username`\" pulumi-lang-python=\"`username`\" pulumi-lang-yaml=\"`username`\" pulumi-lang-java=\"`username`\"\u003e`username`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with users that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`admin`\" pulumi-lang-dotnet=\"`Admin`\" pulumi-lang-go=\"`admin`\" pulumi-lang-python=\"`admin`\" pulumi-lang-yaml=\"`admin`\" pulumi-lang-java=\"`admin`\"\u003e`admin`\u003c/span\u003e. Note, that the user will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"initialPassword":{"$ref":"#/types/keycloak:index/UserInitialPassword:UserInitialPassword","description":"When given, the user's initial password will be set. This attribute is only respected during initial user creation.\n"},"lastName":{"type":"string","description":"The user's last name.\n"},"realmId":{"type":"string","description":"The realm this user belongs to.\n","willReplaceOnChanges":true},"requiredActions":{"type":"array","items":{"type":"string"},"description":"A list of required user actions.\n"},"username":{"type":"string","description":"The unique username of this user.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/userGroups:UserGroups":{"description":"Allows for managing a Keycloak user's groups.\n\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is true, this resource attempts to be an **authoritative** source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user group will be added upon the next run of `pulumi up`.\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple \u003cspan pulumi-lang-nodejs=\"`keycloak.UserGroups`\" pulumi-lang-dotnet=\"`keycloak.UserGroups`\" pulumi-lang-go=\"`UserGroups`\" pulumi-lang-python=\"`UserGroups`\" pulumi-lang-yaml=\"`keycloak.UserGroups`\" pulumi-lang-java=\"`keycloak.UserGroups`\"\u003e`keycloak.UserGroups`\u003c/span\u003e for the same \u003cspan pulumi-lang-nodejs=\"`userId`\" pulumi-lang-dotnet=\"`UserId`\" pulumi-lang-go=\"`userId`\" pulumi-lang-python=\"`user_id`\" pulumi-lang-yaml=\"`userId`\" pulumi-lang-java=\"`userId`\"\u003e`user_id`\u003c/span\u003e.\n\n\n## Example Usage\n\n### Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"foo\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroups = new keycloak.UserGroups(\"user_groups\", {\n realmId: realm.id,\n userId: user.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"foo\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups = keycloak.UserGroups(\"user_groups\",\n realm_id=realm.id,\n user_id=user.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"foo\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroups = new Keycloak.UserGroups(\"user_groups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"user_groups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"foo\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroups = new UserGroups(\"userGroups\", UserGroupsArgs.builder()\n .realmId(realm.id())\n .userId(user.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: foo\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroups:\n type: keycloak:UserGroups\n name: user_groups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of the user's groups is exhaustive. In this case, groups that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupIds":{"type":"array","items":{"type":"string"},"description":"A list of group IDs that the user is member of.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n"},"userId":{"type":"string","description":"The ID of the user this resource should manage groups for.\n"}},"required":["groupIds","realmId","userId"],"inputProperties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of the user's groups is exhaustive. In this case, groups that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupIds":{"type":"array","items":{"type":"string"},"description":"A list of group IDs that the user is member of.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true},"userId":{"type":"string","description":"The ID of the user this resource should manage groups for.\n","willReplaceOnChanges":true}},"requiredInputs":["groupIds","realmId","userId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserGroups resources.\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of the user's groups is exhaustive. In this case, groups that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"groupIds":{"type":"array","items":{"type":"string"},"description":"A list of group IDs that the user is member of.\n"},"realmId":{"type":"string","description":"The realm this group exists in.\n","willReplaceOnChanges":true},"userId":{"type":"string","description":"The ID of the user this resource should manage groups for.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/userRoles:UserRoles":{"description":"Allows you to manage roles assigned to a Keycloak user.\n\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is true, this resource attempts to be an **authoritative** source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the\nuser will be added upon the next run of `pulumi up`.\nIf \u003cspan pulumi-lang-nodejs=\"`exhaustive`\" pulumi-lang-dotnet=\"`Exhaustive`\" pulumi-lang-go=\"`exhaustive`\" pulumi-lang-python=\"`exhaustive`\" pulumi-lang-yaml=\"`exhaustive`\" pulumi-lang-java=\"`exhaustive`\"\u003e`exhaustive`\u003c/span\u003e is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple \u003cspan pulumi-lang-nodejs=\"`keycloak.UserRoles`\" pulumi-lang-dotnet=\"`keycloak.UserRoles`\" pulumi-lang-go=\"`UserRoles`\" pulumi-lang-python=\"`UserRoles`\" pulumi-lang-yaml=\"`keycloak.UserRoles`\" pulumi-lang-java=\"`keycloak.UserRoles`\"\u003e`keycloak.UserRoles`\u003c/span\u003e for the same \u003cspan pulumi-lang-nodejs=\"`userId`\" pulumi-lang-dotnet=\"`UserId`\" pulumi-lang-go=\"`userId`\" pulumi-lang-python=\"`user_id`\" pulumi-lang-yaml=\"`userId`\" pulumi-lang-java=\"`userId`\"\u003e`user_id`\u003c/span\u003e.\n\nNote that when assigning composite roles to a user, you may see a non-empty plan following a `pulumi up` if you assign\na role and a composite that includes that role to the same user.\n\n## Example Usage\n\n### Exhaustive Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userRoles = new keycloak.UserRoles(\"user_roles\", {\n realmId: realm.id,\n userId: user.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_roles = keycloak.UserRoles(\"user_roles\",\n realm_id=realm.id,\n user_id=user.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userRoles = new Keycloak.UserRoles(\"user_roles\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserRoles(ctx, \"user_roles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userRoles = new UserRoles(\"userRoles\", UserRolesArgs.builder()\n .realmId(realm.id())\n .userId(user.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userRoles:\n type: keycloak:UserRoles\n name: user_roles\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{user_id}}`, where \u003cspan pulumi-lang-nodejs=\"`userId`\" pulumi-lang-dotnet=\"`UserId`\" pulumi-lang-go=\"`userId`\" pulumi-lang-python=\"`user_id`\" pulumi-lang-yaml=\"`userId`\" pulumi-lang-java=\"`userId`\"\u003e`user_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_user_roles.user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924\n```\n\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this user exists in.\n"},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the user\n"},"userId":{"type":"string","description":"The ID of the user this resource should manage roles for.\n"}},"required":["realmId","roleIds","userId"],"inputProperties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this user exists in.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the user\n"},"userId":{"type":"string","description":"The ID of the user this resource should manage roles for.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId","roleIds","userId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserRoles resources.\n","properties":{"exhaustive":{"type":"boolean","description":"Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm this user exists in.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A list of role IDs to map to the user\n"},"userId":{"type":"string","description":"The ID of the user this resource should manage roles for.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper":{"description":"Allows for creating and managing an username template importer identity provider mapper within Keycloak.\n\nThe username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user:\n\n- Substitutions are enclosed in \\${}. For example: '\\${ALIAS}.\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\", {\n realm: realm.id,\n name: \"username-template-importer\",\n identityProviderAlias: oidc.alias,\n template: \"${ALIAS}.${CLAIM.email}\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nusername_importer = keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\",\n realm=realm.id,\n name=\"username-template-importer\",\n identity_provider_alias=oidc.alias,\n template=\"${ALIAS}.${CLAIM.email}\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\", new()\n {\n Realm = realm.Id,\n Name = \"username-template-importer\",\n IdentityProviderAlias = oidc.Alias,\n Template = \"${ALIAS}.${CLAIM.email}\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, \"username_importer\", \u0026keycloak.UserTemplateImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"username-template-importer\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tTemplate: pulumi.String(\"${ALIAS}.${CLAIM.email}\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"syncMode\": pulumi.String(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var usernameImporter = new UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", UserTemplateImporterIdentityProviderMapperArgs.builder()\n .realm(realm.id())\n .name(\"username-template-importer\")\n .identityProviderAlias(oidc.alias())\n .template(\"${ALIAS}.${CLAIM.email}\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n usernameImporter:\n type: keycloak:UserTemplateImporterIdentityProviderMapper\n name: username_importer\n properties:\n realm: ${realm.id}\n name: username-template-importer\n identityProviderAlias: ${oidc.alias}\n template: $${ALIAS}.$${CLAIM.email}\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias, and \u003cspan pulumi-lang-nodejs=\"`idpMapperId`\" pulumi-lang-dotnet=\"`IdpMapperId`\" pulumi-lang-go=\"`idpMapperId`\" pulumi-lang-python=\"`idp_mapper_id`\" pulumi-lang-yaml=\"`idpMapperId`\" pulumi-lang-java=\"`idpMapperId`\"\u003e`idp_mapper_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_user_template_importer_identity_provider_mapper.username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n"},"name":{"type":"string","description":"The name of the mapper.\n"},"realm":{"type":"string","description":"The name of the realm.\n"},"template":{"type":"string","description":"Template to use to format the username to import. Substitutions are enclosed in \\${}. For example: '\\$\\${ALIAS}.\\$\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n"}},"required":["identityProviderAlias","name","realm"],"inputProperties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"template":{"type":"string","description":"Template to use to format the username to import. Substitutions are enclosed in \\${}. For example: '\\$\\${ALIAS}.\\$\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n"}},"requiredInputs":["identityProviderAlias","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering UserTemplateImporterIdentityProviderMapper resources.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"Key/value attributes to add to the identity provider mapper model that is persisted to Keycloak. This can be used to extend the base model with new Keycloak features.\n"},"identityProviderAlias":{"type":"string","description":"The alias of the associated identity provider.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The name of the mapper.\n","willReplaceOnChanges":true},"realm":{"type":"string","description":"The name of the realm.\n","willReplaceOnChanges":true},"template":{"type":"string","description":"Template to use to format the username to import. Substitutions are enclosed in \\${}. For example: '\\$\\${ALIAS}.\\$\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n"}},"type":"object"}},"keycloak:index/usersPermissions:UsersPermissions":{"description":"Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions\n\nThis is part of a preview Keycloak feature: \u003cspan pulumi-lang-nodejs=\"`adminFineGrainedAuthz`\" pulumi-lang-dotnet=\"`AdminFineGrainedAuthz`\" pulumi-lang-go=\"`adminFineGrainedAuthz`\" pulumi-lang-python=\"`admin_fine_grained_authz`\" pulumi-lang-yaml=\"`adminFineGrainedAuthz`\" pulumi-lang-java=\"`adminFineGrainedAuthz`\"\u003e`admin_fine_grained_authz`\u003c/span\u003e (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling fine-grained permissions for users, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the users permissions.\n1. Create scopes \u003cspan pulumi-lang-nodejs=\"`view`\" pulumi-lang-dotnet=\"`View`\" pulumi-lang-go=\"`view`\" pulumi-lang-python=\"`view`\" pulumi-lang-yaml=\"`view`\" pulumi-lang-java=\"`view`\"\u003e`view`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`manage`\" pulumi-lang-dotnet=\"`Manage`\" pulumi-lang-go=\"`manage`\" pulumi-lang-python=\"`manage`\" pulumi-lang-yaml=\"`manage`\" pulumi-lang-java=\"`manage`\"\u003e`manage`\u003c/span\u003e, `map-roles`, `manage-group-membership`, \u003cspan pulumi-lang-nodejs=\"`impersonate`\" pulumi-lang-dotnet=\"`Impersonate`\" pulumi-lang-go=\"`impersonate`\" pulumi-lang-python=\"`impersonate`\" pulumi-lang-yaml=\"`impersonate`\" pulumi-lang-java=\"`impersonate`\"\u003e`impersonate`\u003c/span\u003e, and `user-impersonated`.\n1. Create all scope based permission for the scopes and users resources.\n\n\u003e This resource should only be created once per realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst realmManagement = keycloak.openid.getClientOutput({\n realmId: realm.id,\n clientId: \"realm-management\",\n});\n// enable permissions for realm-management client\nconst realmManagementPermission = new keycloak.openid.ClientPermissions(\"realm_management_permission\", {\n realmId: realm.id,\n clientId: realmManagement.apply(realmManagement =\u003e realmManagement.id),\n enabled: true,\n});\n// creating a user to use with the keycloak_openid_client_user_policy resource\nconst test = new keycloak.User(\"test\", {\n realmId: realm.id,\n username: \"test-user\",\n email: \"test-user@fakedomain.com\",\n firstName: \"Testy\",\n lastName: \"Tester\",\n});\nconst testClientUserPolicy = new keycloak.openid.ClientUserPolicy(\"test\", {\n realmId: realm.id,\n resourceServerId: realmManagement.apply(realmManagement =\u003e realmManagement.id),\n name: \"client_user_policy_test\",\n users: [test.id],\n logic: \"POSITIVE\",\n decisionStrategy: \"UNANIMOUS\",\n}, {\n dependsOn: [realmManagementPermission],\n});\nconst usersPermissions = new keycloak.UsersPermissions(\"users_permissions\", {\n realmId: realm.id,\n viewScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n manageScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n mapRolesScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n manageGroupMembershipScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n impersonateScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n userImpersonatedScope: {\n policies: [testClientUserPolicy.id],\n description: \"description\",\n decisionStrategy: \"UNANIMOUS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nrealm_management = keycloak.openid.get_client_output(realm_id=realm.id,\n client_id=\"realm-management\")\n# enable permissions for realm-management client\nrealm_management_permission = keycloak.openid.ClientPermissions(\"realm_management_permission\",\n realm_id=realm.id,\n client_id=realm_management.id,\n enabled=True)\n# creating a user to use with the keycloak_openid_client_user_policy resource\ntest = keycloak.User(\"test\",\n realm_id=realm.id,\n username=\"test-user\",\n email=\"test-user@fakedomain.com\",\n first_name=\"Testy\",\n last_name=\"Tester\")\ntest_client_user_policy = keycloak.openid.ClientUserPolicy(\"test\",\n realm_id=realm.id,\n resource_server_id=realm_management.id,\n name=\"client_user_policy_test\",\n users=[test.id],\n logic=\"POSITIVE\",\n decision_strategy=\"UNANIMOUS\",\n opts = pulumi.ResourceOptions(depends_on=[realm_management_permission]))\nusers_permissions = keycloak.UsersPermissions(\"users_permissions\",\n realm_id=realm.id,\n view_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n },\n manage_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n },\n map_roles_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n },\n manage_group_membership_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n },\n impersonate_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n },\n user_impersonated_scope={\n \"policies\": [test_client_user_policy.id],\n \"description\": \"description\",\n \"decision_strategy\": \"UNANIMOUS\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = \"realm-management\",\n });\n\n // enable permissions for realm-management client\n var realmManagementPermission = new Keycloak.OpenId.ClientPermissions(\"realm_management_permission\", new()\n {\n RealmId = realm.Id,\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Enabled = true,\n });\n\n // creating a user to use with the keycloak_openid_client_user_policy resource\n var test = new Keycloak.User(\"test\", new()\n {\n RealmId = realm.Id,\n Username = \"test-user\",\n Email = \"test-user@fakedomain.com\",\n FirstName = \"Testy\",\n LastName = \"Tester\",\n });\n\n var testClientUserPolicy = new Keycloak.OpenId.ClientUserPolicy(\"test\", new()\n {\n RealmId = realm.Id,\n ResourceServerId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"client_user_policy_test\",\n Users = new[]\n {\n test.Id,\n },\n Logic = \"POSITIVE\",\n DecisionStrategy = \"UNANIMOUS\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n realmManagementPermission,\n },\n });\n\n var usersPermissions = new Keycloak.UsersPermissions(\"users_permissions\", new()\n {\n RealmId = realm.Id,\n ViewScope = new Keycloak.Inputs.UsersPermissionsViewScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n ManageScope = new Keycloak.Inputs.UsersPermissionsManageScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n MapRolesScope = new Keycloak.Inputs.UsersPermissionsMapRolesScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n ManageGroupMembershipScope = new Keycloak.Inputs.UsersPermissionsManageGroupMembershipScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n ImpersonateScope = new Keycloak.Inputs.UsersPermissionsImpersonateScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n UserImpersonatedScope = new Keycloak.Inputs.UsersPermissionsUserImpersonatedScopeArgs\n {\n Policies = new[]\n {\n testClientUserPolicy.Id,\n },\n Description = \"description\",\n DecisionStrategy = \"UNANIMOUS\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"realm-management\"),\n\t\t}, nil)\n\t\t// enable permissions for realm-management client\n\t\trealmManagementPermission, err := openid.NewClientPermissions(ctx, \"realm_management_permission\", \u0026openid.ClientPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(realmManagement.ApplyT(func(realmManagement openid.GetClientResult) (*string, error) {\n\t\t\t\treturn \u0026realmManagement.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tEnabled: true,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// creating a user to use with the keycloak_openid_client_user_policy resource\n\t\ttest, err := keycloak.NewUser(ctx, \"test\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"test-user\"),\n\t\t\tEmail: pulumi.String(\"test-user@fakedomain.com\"),\n\t\t\tFirstName: pulumi.String(\"Testy\"),\n\t\t\tLastName: pulumi.String(\"Tester\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestClientUserPolicy, err := openid.NewClientUserPolicy(ctx, \"test\", \u0026openid.ClientUserPolicyArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: pulumi.String(realmManagement.ApplyT(func(realmManagement openid.GetClientResult) (*string, error) {\n\t\t\t\treturn \u0026realmManagement.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tName: pulumi.String(\"client_user_policy_test\"),\n\t\t\tUsers: pulumi.StringArray{\n\t\t\t\ttest.ID(),\n\t\t\t},\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\trealmManagementPermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUsersPermissions(ctx, \"users_permissions\", \u0026keycloak.UsersPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tViewScope: \u0026keycloak.UsersPermissionsViewScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t\tManageScope: \u0026keycloak.UsersPermissionsManageScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t\tMapRolesScope: \u0026keycloak.UsersPermissionsMapRolesScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t\tManageGroupMembershipScope: \u0026keycloak.UsersPermissionsManageGroupMembershipScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t\tImpersonateScope: \u0026keycloak.UsersPermissionsImpersonateScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t\tUserImpersonatedScope: \u0026keycloak.UsersPermissionsUserImpersonatedScopeArgs{\n\t\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\t\ttestClientUserPolicy.ID(),\n\t\t\t\t},\n\t\t\t\tDescription: pulumi.String(\"description\"),\n\t\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.UsersPermissions;\nimport com.pulumi.keycloak.UsersPermissionsArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsViewScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsMapRolesScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageGroupMembershipScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsImpersonateScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsUserImpersonatedScopeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n // enable permissions for realm-management client\n var realmManagementPermission = new ClientPermissions(\"realmManagementPermission\", ClientPermissionsArgs.builder()\n .realmId(realm.id())\n .clientId(realmManagement.applyValue(_realmManagement -\u003e _realmManagement.id()))\n .enabled(true)\n .build());\n\n // creating a user to use with the keycloak_openid_client_user_policy resource\n var test = new User(\"test\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"test-user\")\n .email(\"test-user@fakedomain.com\")\n .firstName(\"Testy\")\n .lastName(\"Tester\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(realmManagement.applyValue(_realmManagement -\u003e _realmManagement.id()))\n .name(\"client_user_policy_test\")\n .users(test.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(realmManagementPermission)\n .build());\n\n var usersPermissions = new UsersPermissions(\"usersPermissions\", UsersPermissionsArgs.builder()\n .realmId(realm.id())\n .viewScope(UsersPermissionsViewScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageScope(UsersPermissionsManageScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .mapRolesScope(UsersPermissionsMapRolesScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageGroupMembershipScope(UsersPermissionsManageGroupMembershipScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .impersonateScope(UsersPermissionsImpersonateScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .userImpersonatedScope(UsersPermissionsUserImpersonatedScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n # enable permissions for realm-management client\n realmManagementPermission:\n type: keycloak:openid:ClientPermissions\n name: realm_management_permission\n properties:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n enabled: true\n # creating a user to use with the keycloak_openid_client_user_policy resource\n test:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: test-user\n email: test-user@fakedomain.com\n firstName: Testy\n lastName: Tester\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n name: test\n properties:\n realmId: ${realm.id}\n resourceServerId: ${realmManagement.id}\n name: client_user_policy_test\n users:\n - ${test.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n options:\n dependsOn:\n - ${realmManagementPermission}\n usersPermissions:\n type: keycloak:UsersPermissions\n name: users_permissions\n properties:\n realmId: ${realm.id}\n viewScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n mapRolesScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageGroupMembershipScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n impersonateScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n userImpersonatedScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\nvariables:\n realmManagement:\n fn::invoke:\n function: keycloak:openid:getClient\n arguments:\n realmId: ${realm.id}\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm in which to manage fine-grained user permissions.\n\nEach of the scopes that can be managed are defined below:\n\n- \u003cspan pulumi-lang-nodejs=\"`viewScope`\" pulumi-lang-dotnet=\"`ViewScope`\" pulumi-lang-go=\"`viewScope`\" pulumi-lang-python=\"`view_scope`\" pulumi-lang-yaml=\"`viewScope`\" pulumi-lang-java=\"`viewScope`\"\u003e`view_scope`\u003c/span\u003e - (Optional) When specified, set the scope based view permission.\n- \u003cspan pulumi-lang-nodejs=\"`manageScope`\" pulumi-lang-dotnet=\"`ManageScope`\" pulumi-lang-go=\"`manageScope`\" pulumi-lang-python=\"`manage_scope`\" pulumi-lang-yaml=\"`manageScope`\" pulumi-lang-java=\"`manageScope`\"\u003e`manage_scope`\u003c/span\u003e - (Optional) When specified, set the scope based manage permission.\n- \u003cspan pulumi-lang-nodejs=\"`mapRolesScope`\" pulumi-lang-dotnet=\"`MapRolesScope`\" pulumi-lang-go=\"`mapRolesScope`\" pulumi-lang-python=\"`map_roles_scope`\" pulumi-lang-yaml=\"`mapRolesScope`\" pulumi-lang-java=\"`mapRolesScope`\"\u003e`map_roles_scope`\u003c/span\u003e - (Optional) When specified, set the scope based\u003cspan pulumi-lang-nodejs=\" mapRoles \" pulumi-lang-dotnet=\" MapRoles \" pulumi-lang-go=\" mapRoles \" pulumi-lang-python=\" map_roles \" pulumi-lang-yaml=\" mapRoles \" pulumi-lang-java=\" mapRoles \"\u003e map_roles \u003c/span\u003epermission.\n- \u003cspan pulumi-lang-nodejs=\"`manageGroupMembershipScope`\" pulumi-lang-dotnet=\"`ManageGroupMembershipScope`\" pulumi-lang-go=\"`manageGroupMembershipScope`\" pulumi-lang-python=\"`manage_group_membership_scope`\" pulumi-lang-yaml=\"`manageGroupMembershipScope`\" pulumi-lang-java=\"`manageGroupMembershipScope`\"\u003e`manage_group_membership_scope`\u003c/span\u003e - (Optional) When specified, set the scope based\u003cspan pulumi-lang-nodejs=\" manageGroupMembership \" pulumi-lang-dotnet=\" ManageGroupMembership \" pulumi-lang-go=\" manageGroupMembership \" pulumi-lang-python=\" manage_group_membership \" pulumi-lang-yaml=\" manageGroupMembership \" pulumi-lang-java=\" manageGroupMembership \"\u003e manage_group_membership \u003c/span\u003epermission.\n- \u003cspan pulumi-lang-nodejs=\"`impersonateScope`\" pulumi-lang-dotnet=\"`ImpersonateScope`\" pulumi-lang-go=\"`impersonateScope`\" pulumi-lang-python=\"`impersonate_scope`\" pulumi-lang-yaml=\"`impersonateScope`\" pulumi-lang-java=\"`impersonateScope`\"\u003e`impersonate_scope`\u003c/span\u003e - (Optional) When specified, set the scope based impersonate permission.\n- \u003cspan pulumi-lang-nodejs=\"`userImpersonatedScope`\" pulumi-lang-dotnet=\"`UserImpersonatedScope`\" pulumi-lang-go=\"`userImpersonatedScope`\" pulumi-lang-python=\"`user_impersonated_scope`\" pulumi-lang-yaml=\"`userImpersonatedScope`\" pulumi-lang-java=\"`userImpersonatedScope`\"\u003e`user_impersonated_scope`\u003c/span\u003e - (Optional) When specified, set the scope based\u003cspan pulumi-lang-nodejs=\" userImpersonated \" pulumi-lang-dotnet=\" UserImpersonated \" pulumi-lang-go=\" userImpersonated \" pulumi-lang-python=\" user_impersonated \" pulumi-lang-yaml=\" userImpersonated \" pulumi-lang-java=\" userImpersonated \"\u003e user_impersonated \u003c/span\u003epermission.\n\nThe configuration block for each of these scopes supports the following arguments:\n\n- \u003cspan pulumi-lang-nodejs=\"`policies`\" pulumi-lang-dotnet=\"`Policies`\" pulumi-lang-go=\"`policies`\" pulumi-lang-python=\"`policies`\" pulumi-lang-yaml=\"`policies`\" pulumi-lang-java=\"`policies`\"\u003e`policies`\u003c/span\u003e - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) Description of the permission.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Optional) Decision strategy of the permission.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`enabled`\" pulumi-lang-dotnet=\"`Enabled`\" pulumi-lang-go=\"`enabled`\" pulumi-lang-python=\"`enabled`\" pulumi-lang-yaml=\"`enabled`\" pulumi-lang-java=\"`enabled`\"\u003e`enabled`\u003c/span\u003e - When true, this indicates that fine-grained user permissions are enabled. This will always be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n- \u003cspan pulumi-lang-nodejs=\"`authorizationResourceServerId`\" pulumi-lang-dotnet=\"`AuthorizationResourceServerId`\" pulumi-lang-go=\"`authorizationResourceServerId`\" pulumi-lang-python=\"`authorization_resource_server_id`\" pulumi-lang-yaml=\"`authorizationResourceServerId`\" pulumi-lang-java=\"`authorizationResourceServerId`\"\u003e`authorization_resource_server_id`\u003c/span\u003e - Resource server id representing the realm management client on which these permissions are managed.\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"enabled":{"type":"boolean"},"impersonateScope":{"$ref":"#/types/keycloak:index/UsersPermissionsImpersonateScope:UsersPermissionsImpersonateScope"},"manageGroupMembershipScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageGroupMembershipScope:UsersPermissionsManageGroupMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageScope:UsersPermissionsManageScope"},"mapRolesScope":{"$ref":"#/types/keycloak:index/UsersPermissionsMapRolesScope:UsersPermissionsMapRolesScope"},"realmId":{"type":"string"},"userImpersonatedScope":{"$ref":"#/types/keycloak:index/UsersPermissionsUserImpersonatedScope:UsersPermissionsUserImpersonatedScope"},"viewScope":{"$ref":"#/types/keycloak:index/UsersPermissionsViewScope:UsersPermissionsViewScope"}},"required":["authorizationResourceServerId","enabled","realmId"],"inputProperties":{"impersonateScope":{"$ref":"#/types/keycloak:index/UsersPermissionsImpersonateScope:UsersPermissionsImpersonateScope"},"manageGroupMembershipScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageGroupMembershipScope:UsersPermissionsManageGroupMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageScope:UsersPermissionsManageScope"},"mapRolesScope":{"$ref":"#/types/keycloak:index/UsersPermissionsMapRolesScope:UsersPermissionsMapRolesScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"userImpersonatedScope":{"$ref":"#/types/keycloak:index/UsersPermissionsUserImpersonatedScope:UsersPermissionsUserImpersonatedScope"},"viewScope":{"$ref":"#/types/keycloak:index/UsersPermissionsViewScope:UsersPermissionsViewScope"}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering UsersPermissions resources.\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"enabled":{"type":"boolean"},"impersonateScope":{"$ref":"#/types/keycloak:index/UsersPermissionsImpersonateScope:UsersPermissionsImpersonateScope"},"manageGroupMembershipScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageGroupMembershipScope:UsersPermissionsManageGroupMembershipScope"},"manageScope":{"$ref":"#/types/keycloak:index/UsersPermissionsManageScope:UsersPermissionsManageScope"},"mapRolesScope":{"$ref":"#/types/keycloak:index/UsersPermissionsMapRolesScope:UsersPermissionsMapRolesScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"userImpersonatedScope":{"$ref":"#/types/keycloak:index/UsersPermissionsUserImpersonatedScope:UsersPermissionsUserImpersonatedScope"},"viewScope":{"$ref":"#/types/keycloak:index/UsersPermissionsViewScope:UsersPermissionsViewScope"}},"type":"object"}},"keycloak:ldap/customMapper:CustomMapper":{"description":"Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to\nspecify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional\nproperties via config map.\n\nThe custom mapper should already be deployed into keycloak in order to be correctly configured.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst customMapper = new keycloak.ldap.CustomMapper(\"custom_mapper\", {\n name: \"custom-mapper\",\n realmId: openldap.realmId,\n ldapUserFederationId: openldap.id,\n providerId: \"custom-provider-registered-in-keycloak\",\n providerType: \"com.example.custom.ldap.mappers.CustomMapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\ncustom_mapper = keycloak.ldap.CustomMapper(\"custom_mapper\",\n name=\"custom-mapper\",\n realm_id=openldap[\"realmId\"],\n ldap_user_federation_id=openldap[\"id\"],\n provider_id=\"custom-provider-registered-in-keycloak\",\n provider_type=\"com.example.custom.ldap.mappers.CustomMapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var customMapper = new Keycloak.Ldap.CustomMapper(\"custom_mapper\", new()\n {\n Name = \"custom-mapper\",\n RealmId = openldap.RealmId,\n LdapUserFederationId = openldap.Id,\n ProviderId = \"custom-provider-registered-in-keycloak\",\n ProviderType = \"com.example.custom.ldap.mappers.CustomMapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.value\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewCustomMapper(ctx, \"custom_mapper\", \u0026ldap.CustomMapperArgs{\n\t\t\tName: pulumi.String(\"custom-mapper\"),\n\t\t\tRealmId: pulumi.Any(openldap.RealmId),\n\t\t\tLdapUserFederationId: pulumi.Any(openldap.Id),\n\t\t\tProviderId: pulumi.String(\"custom-provider-registered-in-keycloak\"),\n\t\t\tProviderType: pulumi.String(\"com.example.custom.ldap.mappers.CustomMapper\"),\n\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\"attribute.name\": pulumi.String(\"name\"),\n\t\t\t\t\"attribute.value\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.CustomMapper;\nimport com.pulumi.keycloak.ldap.CustomMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var customMapper = new CustomMapper(\"customMapper\", CustomMapperArgs.builder()\n .name(\"custom-mapper\")\n .realmId(openldap.realmId())\n .ldapUserFederationId(openldap.id())\n .providerId(\"custom-provider-registered-in-keycloak\")\n .providerType(\"com.example.custom.ldap.mappers.CustomMapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.value\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n customMapper:\n type: keycloak:ldap:CustomMapper\n name: custom_mapper\n properties:\n name: custom-mapper\n realmId: ${openldap.realmId}\n ldapUserFederationId: ${openldap.id}\n providerId: custom-provider-registered-in-keycloak\n providerType: com.example.custom.ldap.mappers.CustomMapper\n config:\n attribute.name: name\n attribute.value: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_custom_mapper.custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"providerId":{"type":"string","description":"The id of the LDAP mapper implemented in MapperFactory.\n"},"providerType":{"type":"string","description":"The fully-qualified Java class name of the custom LDAP mapper.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["ldapUserFederationId","name","providerId","providerType","realmId"],"inputProperties":{"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"providerId":{"type":"string","description":"The id of the LDAP mapper implemented in MapperFactory.\n","willReplaceOnChanges":true},"providerType":{"type":"string","description":"The fully-qualified Java class name of the custom LDAP mapper.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["ldapUserFederationId","providerId","providerType","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering CustomMapper resources.\n","properties":{"config":{"type":"object","additionalProperties":{"type":"string"},"description":"A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"providerId":{"type":"string","description":"The id of the LDAP mapper implemented in MapperFactory.\n","willReplaceOnChanges":true},"providerType":{"type":"string","description":"The fully-qualified Java class name of the custom LDAP mapper.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/fullNameMapper:FullNameMapper":{"description":"Allows for creating and managing full name mappers for Keycloak users federated via LDAP.\n\nThe LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a\nKeycloak user.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapFullNameMapper = new keycloak.ldap.FullNameMapper(\"ldap_full_name_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"full-name-mapper\",\n ldapFullNameAttribute: \"cn\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_full_name_mapper = keycloak.ldap.FullNameMapper(\"ldap_full_name_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"full-name-mapper\",\n ldap_full_name_attribute=\"cn\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper(\"ldap_full_name_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"full-name-mapper\",\n LdapFullNameAttribute = \"cn\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewFullNameMapper(ctx, \"ldap_full_name_mapper\", \u0026ldap.FullNameMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t\tLdapFullNameAttribute: pulumi.String(\"cn\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.FullNameMapper;\nimport com.pulumi.keycloak.ldap.FullNameMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapFullNameMapper = new FullNameMapper(\"ldapFullNameMapper\", FullNameMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"full-name-mapper\")\n .ldapFullNameAttribute(\"cn\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapFullNameMapper:\n type: keycloak:ldap:FullNameMapper\n name: ldap_full_name_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: full-name-mapper\n ldapFullNameAttribute: cn\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_full_name_mapper.ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"ldapFullNameAttribute":{"type":"string","description":"The name of the LDAP attribute containing the user's full name.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, updates to a user within Keycloak will not be written back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"},"writeOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this mapper will only be used to write updates to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"required":["ldapFullNameAttribute","ldapUserFederationId","name","realmId"],"inputProperties":{"ldapFullNameAttribute":{"type":"string","description":"The name of the LDAP attribute containing the user's full name.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, updates to a user within Keycloak will not be written back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"writeOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this mapper will only be used to write updates to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"requiredInputs":["ldapFullNameAttribute","ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering FullNameMapper resources.\n","properties":{"ldapFullNameAttribute":{"type":"string","description":"The name of the LDAP attribute containing the user's full name.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, updates to a user within Keycloak will not be written back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"writeOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this mapper will only be used to write updates to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:ldap/groupMapper:GroupMapper":{"description":"Allows for creating and managing group mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also\ncreate the groups within Keycloak if they do not already exist.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapGroupMapper = new keycloak.ldap.GroupMapper(\"ldap_group_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"group-mapper\",\n ldapGroupsDn: \"dc=example,dc=org\",\n groupNameLdapAttribute: \"cn\",\n groupObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_group_mapper = keycloak.ldap.GroupMapper(\"ldap_group_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"group-mapper\",\n ldap_groups_dn=\"dc=example,dc=org\",\n group_name_ldap_attribute=\"cn\",\n group_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapGroupMapper = new Keycloak.Ldap.GroupMapper(\"ldap_group_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"group-mapper\",\n LdapGroupsDn = \"dc=example,dc=org\",\n GroupNameLdapAttribute = \"cn\",\n GroupObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewGroupMapper(ctx, \"ldap_group_mapper\", \u0026ldap.GroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"group-mapper\"),\n\t\t\tLdapGroupsDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tGroupNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tGroupObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.GroupMapper;\nimport com.pulumi.keycloak.ldap.GroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapGroupMapper = new GroupMapper(\"ldapGroupMapper\", GroupMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"group-mapper\")\n .ldapGroupsDn(\"dc=example,dc=org\")\n .groupNameLdapAttribute(\"cn\")\n .groupObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapGroupMapper:\n type: keycloak:ldap:GroupMapper\n name: ldap_group_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: group-mapper\n ldapGroupsDn: dc=example,dc=org\n groupNameLdapAttribute: cn\n groupObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_group_mapper.ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"dropNonExistingGroupsDuringSync":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"groupNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"groupObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the group. Must contain at least one.\n"},"groupsLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n"},"groupsPath":{"type":"string","description":"Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n"},"ignoreMissingGroups":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, missing groups in the hierarchy will be ignored.\n"},"ldapGroupsDn":{"type":"string","description":"The LDAP DN where groups can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"mappedGroupAttributes":{"type":"array","items":{"type":"string"},"description":"Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n"},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"preserveGroupInheritance":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, group inheritance will be propagated from LDAP to Keycloak. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, all LDAP groups will be propagated as top level groups within Keycloak.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n"}},"required":["groupNameLdapAttribute","groupObjectClasses","groupsPath","ldapGroupsDn","ldapUserFederationId","membershipLdapAttribute","membershipUserLdapAttribute","name","realmId"],"inputProperties":{"dropNonExistingGroupsDuringSync":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"groupNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"groupObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the group. Must contain at least one.\n"},"groupsLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n"},"groupsPath":{"type":"string","description":"Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n"},"ignoreMissingGroups":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, missing groups in the hierarchy will be ignored.\n"},"ldapGroupsDn":{"type":"string","description":"The LDAP DN where groups can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"mappedGroupAttributes":{"type":"array","items":{"type":"string"},"description":"Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n"},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"preserveGroupInheritance":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, group inheritance will be propagated from LDAP to Keycloak. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, all LDAP groups will be propagated as top level groups within Keycloak.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n"}},"requiredInputs":["groupNameLdapAttribute","groupObjectClasses","ldapGroupsDn","ldapUserFederationId","membershipLdapAttribute","membershipUserLdapAttribute","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMapper resources.\n","properties":{"dropNonExistingGroupsDuringSync":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"groupNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"groupObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the group. Must contain at least one.\n"},"groupsLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n"},"groupsPath":{"type":"string","description":"Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.\n"},"ignoreMissingGroups":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, missing groups in the hierarchy will be ignored.\n"},"ldapGroupsDn":{"type":"string","description":"The LDAP DN where groups can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"mappedGroupAttributes":{"type":"array","items":{"type":"string"},"description":"Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n"},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"preserveGroupInheritance":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, group inheritance will be propagated from LDAP to Keycloak. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, all LDAP groups will be propagated as top level groups within Keycloak.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n"}},"type":"object"}},"keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper":{"description":"Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.\n\n**NOTE**: This mapper only works when the \u003cspan pulumi-lang-nodejs=\"`syncRegistrations`\" pulumi-lang-dotnet=\"`SyncRegistrations`\" pulumi-lang-go=\"`syncRegistrations`\" pulumi-lang-python=\"`sync_registrations`\" pulumi-lang-yaml=\"`syncRegistrations`\" pulumi-lang-java=\"`syncRegistrations`\"\u003e`sync_registrations`\u003c/span\u003e attribute on the \u003cspan pulumi-lang-nodejs=\"`keycloak.ldap.UserFederation`\" pulumi-lang-dotnet=\"`keycloak.ldap.UserFederation`\" pulumi-lang-go=\"`ldap.UserFederation`\" pulumi-lang-python=\"`ldap.UserFederation`\" pulumi-lang-yaml=\"`keycloak.ldap.UserFederation`\" pulumi-lang-java=\"`keycloak.ldap.UserFederation`\"\u003e`keycloak.ldap.UserFederation`\u003c/span\u003e resource is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-foo-to-bar\",\n attributeName: \"foo\",\n attributeValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nassign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-foo-to-bar\",\n attribute_name=\"foo\",\n attribute_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-foo-to-bar\",\n AttributeName = \"foo\",\n AttributeValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedAttributeMapper(ctx, \"assign_bar_to_foo\", \u0026ldap.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-foo-to-bar\"),\n\t\t\tAttributeName: pulumi.String(\"foo\"),\n\t\t\tAttributeValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var assignBarToFoo = new HardcodedAttributeMapper(\"assignBarToFoo\", HardcodedAttributeMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-foo-to-bar\")\n .attributeName(\"foo\")\n .attributeValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n assignBarToFoo:\n type: keycloak:ldap:HardcodedAttributeMapper\n name: assign_bar_to_foo\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-foo-to-bar\n attributeName: foo\n attributeValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_attribute_mapper.assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"attributeName":{"type":"string","description":"The name of the LDAP attribute to set.\n"},"attributeValue":{"type":"string","description":"The value to set to the LDAP attribute. You can hardcode any value like 'foo'.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["attributeName","attributeValue","ldapUserFederationId","name","realmId"],"inputProperties":{"attributeName":{"type":"string","description":"The name of the LDAP attribute to set.\n","willReplaceOnChanges":true},"attributeValue":{"type":"string","description":"The value to set to the LDAP attribute. You can hardcode any value like 'foo'.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["attributeName","attributeValue","ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedAttributeMapper resources.\n","properties":{"attributeName":{"type":"string","description":"The name of the LDAP attribute to set.\n","willReplaceOnChanges":true},"attributeValue":{"type":"string","description":"The value to set to the LDAP attribute. You can hardcode any value like 'foo'.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper":{"description":"Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmGroup = new keycloak.Group(\"realm_group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper(\"assign_group_to_users\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-group-to-users\",\n group: realmGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_group = keycloak.Group(\"realm_group\",\n realm_id=realm.id,\n name=\"my-group\")\nassign_group_to_users = keycloak.ldap.HardcodedGroupMapper(\"assign_group_to_users\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-group-to-users\",\n group=realm_group.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmGroup = new Keycloak.Group(\"realm_group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper(\"assign_group_to_users\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-group-to-users\",\n Group = realmGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmGroup, err := keycloak.NewGroup(ctx, \"realm_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedGroupMapper(ctx, \"assign_group_to_users\", \u0026ldap.HardcodedGroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-group-to-users\"),\n\t\t\tGroup: realmGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapper;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var assignGroupToUsers = new HardcodedGroupMapper(\"assignGroupToUsers\", HardcodedGroupMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-group-to-users\")\n .group(realmGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmGroup:\n type: keycloak:Group\n name: realm_group\n properties:\n realmId: ${realm.id}\n name: my-group\n assignGroupToUsers:\n type: keycloak:ldap:HardcodedGroupMapper\n name: assign_group_to_users\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-group-to-users\n group: ${realmGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_group_mapper.assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["group","ldapUserFederationId","name","realmId"],"inputProperties":{"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["group","ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedGroupMapper resources.\n","properties":{"group":{"type":"string","description":"The name of the group which should be assigned to the users.\n","willReplaceOnChanges":true},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper":{"description":"Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmAdminRole = new keycloak.Role(\"realm_admin_role\", {\n realmId: realm.id,\n name: \"my-admin-role\",\n description: \"My Realm Role\",\n});\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-admin-role-to-all-users\",\n role: realmAdminRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_admin_role = keycloak.Role(\"realm_admin_role\",\n realm_id=realm.id,\n name=\"my-admin-role\",\n description=\"My Realm Role\")\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-admin-role-to-all-users\",\n role=realm_admin_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmAdminRole = new Keycloak.Role(\"realm_admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-admin-role\",\n Description = \"My Realm Role\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-admin-role-to-all-users\",\n Role = realmAdminRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmAdminRole, err := keycloak.NewRole(ctx, \"realm_admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-admin-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assign_admin_role_to_all_users\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-admin-role-to-all-users\"),\n\t\t\tRole: realmAdminRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmAdminRole = new Role(\"realmAdminRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-admin-role\")\n .description(\"My Realm Role\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-admin-role-to-all-users\")\n .role(realmAdminRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmAdminRole:\n type: keycloak:Role\n name: realm_admin_role\n properties:\n realmId: ${realm.id}\n name: my-admin-role\n description: My Realm Role\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n name: assign_admin_role_to_all_users\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-admin-role-to-all-users\n role: ${realmAdminRole.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\n// data sources aren't technically necessary here, but they are helpful for demonstration purposes\nconst realmManagement = keycloak.openid.getClientOutput({\n realmId: realm.id,\n clientId: \"realm-management\",\n});\nconst createClient = pulumi.all([realm.id, realmManagement]).apply(([id, realmManagement]) =\u003e keycloak.getRoleOutput({\n realmId: id,\n clientId: realmManagement.id,\n name: \"create-client\",\n}));\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-admin-role-to-all-users\",\n role: pulumi.all([realmManagement, createClient]).apply(([realmManagement, createClient]) =\u003e `${realmManagement.clientId}.${createClient.name}`),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\n# data sources aren't technically necessary here, but they are helpful for demonstration purposes\nrealm_management = keycloak.openid.get_client_output(realm_id=realm.id,\n client_id=\"realm-management\")\ncreate_client = pulumi.Output.all(\n id=realm.id,\n realm_management=realm_management\n).apply(lambda resolved_outputs: keycloak.get_role_output(realm_id=resolved_outputs['id'],\n client_id=realm_management.id,\n name=\"create-client\"))\n\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-admin-role-to-all-users\",\n role=pulumi.Output.all(\n realm_management=realm_management,\n create_client=create_client\n).apply(lambda resolved_outputs: f\"{realm_management.client_id}.{create_client.name}\")\n)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n // data sources aren't technically necessary here, but they are helpful for demonstration purposes\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = \"realm-management\",\n });\n\n var createClient = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"create-client\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-admin-role-to-all-users\",\n Role = Output.Tuple(realmManagement, createClient).Apply(values =\u003e\n {\n var realmManagement = values.Item1;\n var createClient = values.Item2;\n return $\"{realmManagement.Apply(getClientResult =\u003e getClientResult.ClientId)}.{createClient.Apply(getRoleResult =\u003e getRoleResult.Name)}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// data sources aren't technically necessary here, but they are helpful for demonstration purposes\n\t\trealmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"realm-management\"),\n\t\t}, nil)\n\t\tcreateClient := pulumi.All(realm.ID(), realmManagement).ApplyT(func(_args []interface{}) (keycloak.GetRoleResult, error) {\n\t\t\tid := _args[0].(string)\n\t\t\trealmManagement := _args[1].(openid.GetClientResult)\n\t\t\treturn keycloak.GetRoleResult(interface{}(keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\t\tRealmId: id,\n\t\t\t\tClientId: pulumi.StringRef(pulumi.StringRef(realmManagement.Id)),\n\t\t\t\tName: \"create-client\",\n\t\t\t}, nil))), nil\n\t\t}).(keycloak.GetRoleResultOutput)\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assign_admin_role_to_all_users\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-admin-role-to-all-users\"),\n\t\t\tRole: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\trealmManagement := _args[0].(openid.GetClientResult)\n\t\t\t\tcreateClient := _args[1].(keycloak.GetRoleResult)\n\t\t\t\treturn fmt.Sprintf(\"%v.%v\", realmManagement.ClientId, createClient.Name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n // data sources aren't technically necessary here, but they are helpful for demonstration purposes\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n final var createClient = Output.tuple(realm.id(), realmManagement).applyValue(values -\u003e {\n var id = values.t1;\n var realmManagement = values.t2;\n return KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(id)\n .clientId(realmManagement.id())\n .name(\"create-client\")\n .build());\n });\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-admin-role-to-all-users\")\n .role(Output.tuple(realmManagement, createClient).applyValue(values -\u003e {\n var realmManagement = values.t1;\n var createClient = values.t2;\n return String.format(\"%s.%s\", realmManagement.clientId(),createClient.name());\n }))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n name: assign_admin_role_to_all_users\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-admin-role-to-all-users\n role: ${realmManagement.clientId}.${createClient.name}\nvariables:\n # data sources aren't technically necessary here, but they are helpful for demonstration purposes\n realmManagement:\n fn::invoke:\n function: keycloak:openid:getClient\n arguments:\n realmId: ${realm.id}\n clientId: realm-management\n createClient:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n name: create-client\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_role_mapper.assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"},"role":{"type":"string","description":"The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n"}},"required":["ldapUserFederationId","name","realmId","role"],"inputProperties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n","willReplaceOnChanges":true}},"requiredInputs":["ldapUserFederationId","realmId","role"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedRoleMapper resources.\n","properties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper":{"description":"Allows for creating and managing MSAD-LDS user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD-LDS, and it can propagate\nAD-LDS user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"ad\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"msad-lds-user-account-control-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"ad\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"msad-lds-user-account-control-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"ad\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"msad-lds-user-account-control-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"ad\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, \"msad_lds_user_account_control_mapper\", \u0026ldap.MsadLdsUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"msad-lds-user-account-control-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"ad\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", MsadLdsUserAccountControlMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"msad-lds-user-account-control-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: ad\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadLdsUserAccountControlMapper:\n type: keycloak:ldap:MsadLdsUserAccountControlMapper\n name: msad_lds_user_account_control_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: msad-lds-user-account-control-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_msad_lds_user_account_control_mapper.msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["ldapUserFederationId","name","realmId"],"inputProperties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering MsadLdsUserAccountControlMapper resources.\n","properties":{"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper":{"description":"Allows for creating and managing MSAD user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD (Microsoft Active Directory) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD, and it can propagate\nAD user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"ad\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"msad-user-account-control-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"ad\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"msad-user-account-control-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"ad\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"msad-user-account-control-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"ad\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadUserAccountControlMapper(ctx, \"msad_user_account_control_mapper\", \u0026ldap.MsadUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"msad-user-account-control-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"ad\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadUserAccountControlMapper = new MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", MsadUserAccountControlMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"msad-user-account-control-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: ad\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadUserAccountControlMapper:\n type: keycloak:ldap:MsadUserAccountControlMapper\n name: msad_user_account_control_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: msad-user-account-control-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_msad_user_account_control_mapper.msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"ldapPasswordPolicyHintsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"}},"required":["ldapUserFederationId","name","realmId"],"inputProperties":{"ldapPasswordPolicyHintsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"requiredInputs":["ldapUserFederationId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering MsadUserAccountControlMapper resources.\n","properties":{"ldapPasswordPolicyHintsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:ldap/roleMapper:RoleMapper":{"description":"Allows for creating and managing role mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapRoleMapper = new keycloak.ldap.RoleMapper(\"ldap_role_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"role-mapper\",\n ldapRolesDn: \"dc=example,dc=org\",\n roleNameLdapAttribute: \"cn\",\n roleObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n userRolesRetrieveStrategy: \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_role_mapper = keycloak.ldap.RoleMapper(\"ldap_role_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"role-mapper\",\n ldap_roles_dn=\"dc=example,dc=org\",\n role_name_ldap_attribute=\"cn\",\n role_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n user_roles_retrieve_strategy=\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapRoleMapper = new Keycloak.Ldap.RoleMapper(\"ldap_role_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"role-mapper\",\n LdapRolesDn = \"dc=example,dc=org\",\n RoleNameLdapAttribute = \"cn\",\n RoleObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n UserRolesRetrieveStrategy = \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewRoleMapper(ctx, \"ldap_role_mapper\", \u0026ldap.RoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"role-mapper\"),\n\t\t\tLdapRolesDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tRoleNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRoleObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUserRolesRetrieveStrategy: pulumi.String(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.RoleMapper;\nimport com.pulumi.keycloak.ldap.RoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapRoleMapper = new RoleMapper(\"ldapRoleMapper\", RoleMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"role-mapper\")\n .ldapRolesDn(\"dc=example,dc=org\")\n .roleNameLdapAttribute(\"cn\")\n .roleObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .userRolesRetrieveStrategy(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapRoleMapper:\n type: keycloak:ldap:RoleMapper\n name: ldap_role_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: role-mapper\n ldapRolesDn: dc=example,dc=org\n roleNameLdapAttribute: cn\n roleObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n userRolesRetrieveStrategy: GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_role_mapper.ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"clientId":{"type":"string","description":"When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if \u003cspan pulumi-lang-nodejs=\"`useRealmRolesMapping`\" pulumi-lang-dotnet=\"`UseRealmRolesMapping`\" pulumi-lang-go=\"`useRealmRolesMapping`\" pulumi-lang-python=\"`use_realm_roles_mapping`\" pulumi-lang-yaml=\"`useRealmRolesMapping`\" pulumi-lang-java=\"`useRealmRolesMapping`\"\u003e`use_realm_roles_mapping`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapRolesDn":{"type":"string","description":"The LDAP DN where roles can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"},"roleNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"roleObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the role. Must contain at least one.\n"},"rolesLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n"},"useRealmRolesMapping":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.\n"}},"required":["ldapRolesDn","ldapUserFederationId","membershipLdapAttribute","membershipUserLdapAttribute","name","realmId","roleNameLdapAttribute","roleObjectClasses"],"inputProperties":{"clientId":{"type":"string","description":"When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if \u003cspan pulumi-lang-nodejs=\"`useRealmRolesMapping`\" pulumi-lang-dotnet=\"`UseRealmRolesMapping`\" pulumi-lang-go=\"`useRealmRolesMapping`\" pulumi-lang-python=\"`use_realm_roles_mapping`\" pulumi-lang-yaml=\"`useRealmRolesMapping`\" pulumi-lang-java=\"`useRealmRolesMapping`\"\u003e`use_realm_roles_mapping`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapRolesDn":{"type":"string","description":"The LDAP DN where roles can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"roleNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"roleObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the role. Must contain at least one.\n"},"rolesLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n"},"useRealmRolesMapping":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.\n"}},"requiredInputs":["ldapRolesDn","ldapUserFederationId","membershipLdapAttribute","membershipUserLdapAttribute","realmId","roleNameLdapAttribute","roleObjectClasses"],"stateInputs":{"description":"Input properties used for looking up and filtering RoleMapper resources.\n","properties":{"clientId":{"type":"string","description":"When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if \u003cspan pulumi-lang-nodejs=\"`useRealmRolesMapping`\" pulumi-lang-dotnet=\"`UseRealmRolesMapping`\" pulumi-lang-go=\"`useRealmRolesMapping`\" pulumi-lang-python=\"`use_realm_roles_mapping`\" pulumi-lang-yaml=\"`useRealmRolesMapping`\" pulumi-lang-java=\"`useRealmRolesMapping`\"\u003e`use_realm_roles_mapping`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapRolesDn":{"type":"string","description":"The LDAP DN where roles can be found.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"memberofLdapAttribute":{"type":"string","description":"Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when\n"},"membershipAttributeType":{"type":"string","description":"Can be one of `DN` or `UID`. Defaults to `DN`.\n"},"membershipLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used for membership mappings.\n"},"membershipUserLdapAttribute":{"type":"string","description":"The name of the LDAP attribute on a user that is used for membership mappings.\n"},"mode":{"type":"string","description":"Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"roleNameLdapAttribute":{"type":"string","description":"The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically \u003cspan pulumi-lang-nodejs=\"`cn`\" pulumi-lang-dotnet=\"`Cn`\" pulumi-lang-go=\"`cn`\" pulumi-lang-python=\"`cn`\" pulumi-lang-yaml=\"`cn`\" pulumi-lang-java=\"`cn`\"\u003e`cn`\u003c/span\u003e.\n"},"roleObjectClasses":{"type":"array","items":{"type":"string"},"description":"List of strings representing the object classes for the role. Must contain at least one.\n"},"rolesLdapFilter":{"type":"string","description":"When specified, adds a custom filter to be used when querying for roles. Must start with `(` and end with `)`.\n"},"useRealmRolesMapping":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"userRolesRetrieveStrategy":{"type":"string","description":"Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.\n"}},"type":"object"}},"keycloak:ldap/userAttributeMapper:UserAttributeMapper":{"description":"Allows for creating and managing user attribute mappers for Keycloak users\nfederated via LDAP.\n\nThe LDAP user attribute mapper can be used to map a single LDAP attribute\nto an attribute on the Keycloak user model.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"user-attribute-mapper\",\n userModelAttribute: \"foo\",\n ldapAttribute: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"user-attribute-mapper\",\n user_model_attribute=\"foo\",\n ldap_attribute=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"user-attribute-mapper\",\n UserModelAttribute = \"foo\",\n LdapAttribute = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserAttributeMapper(ctx, \"ldap_user_attribute_mapper\", \u0026ldap.UserAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"user-attribute-mapper\"),\n\t\t\tUserModelAttribute: pulumi.String(\"foo\"),\n\t\t\tLdapAttribute: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.UserAttributeMapper;\nimport com.pulumi.keycloak.ldap.UserAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapUserAttributeMapper = new UserAttributeMapper(\"ldapUserAttributeMapper\", UserAttributeMapperArgs.builder()\n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"user-attribute-mapper\")\n .userModelAttribute(\"foo\")\n .ldapAttribute(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapUserAttributeMapper:\n type: keycloak:ldap:UserAttributeMapper\n name: ldap_user_attribute_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: user-attribute-mapper\n userModelAttribute: foo\n ldapAttribute: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\n```bash\n$ terraform import keycloak_ldap_user_attribute_mapper.ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n","properties":{"alwaysReadValueFromLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the value fetched from LDAP will override the value stored in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"attributeDefaultValue":{"type":"string","description":"Default value to set in LDAP if \u003cspan pulumi-lang-nodejs=\"`isMandatoryInLdap`\" pulumi-lang-dotnet=\"`IsMandatoryInLdap`\" pulumi-lang-go=\"`isMandatoryInLdap`\" pulumi-lang-python=\"`is_mandatory_in_ldap`\" pulumi-lang-yaml=\"`isMandatoryInLdap`\" pulumi-lang-java=\"`isMandatoryInLdap`\"\u003e`is_mandatory_in_ldap`\u003c/span\u003e is true and the value is empty.\n"},"attributeForceDefault":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"isBinaryAttribute":{"type":"boolean","description":"Should be true for binary LDAP attributes.\n"},"isMandatoryInLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute must exist in LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapAttribute":{"type":"string","description":"Name of the mapped attribute on the LDAP object.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n"},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n"},"userModelAttribute":{"type":"string","description":"Name of the user property or attribute you want to map the LDAP attribute into.\n"}},"required":["ldapAttribute","ldapUserFederationId","name","realmId","userModelAttribute"],"inputProperties":{"alwaysReadValueFromLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the value fetched from LDAP will override the value stored in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"attributeDefaultValue":{"type":"string","description":"Default value to set in LDAP if \u003cspan pulumi-lang-nodejs=\"`isMandatoryInLdap`\" pulumi-lang-dotnet=\"`IsMandatoryInLdap`\" pulumi-lang-go=\"`isMandatoryInLdap`\" pulumi-lang-python=\"`is_mandatory_in_ldap`\" pulumi-lang-yaml=\"`isMandatoryInLdap`\" pulumi-lang-java=\"`isMandatoryInLdap`\"\u003e`is_mandatory_in_ldap`\u003c/span\u003e is true and the value is empty.\n"},"attributeForceDefault":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"isBinaryAttribute":{"type":"boolean","description":"Should be true for binary LDAP attributes.\n"},"isMandatoryInLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute must exist in LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapAttribute":{"type":"string","description":"Name of the mapped attribute on the LDAP object.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"userModelAttribute":{"type":"string","description":"Name of the user property or attribute you want to map the LDAP attribute into.\n"}},"requiredInputs":["ldapAttribute","ldapUserFederationId","realmId","userModelAttribute"],"stateInputs":{"description":"Input properties used for looking up and filtering UserAttributeMapper resources.\n","properties":{"alwaysReadValueFromLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the value fetched from LDAP will override the value stored in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"attributeDefaultValue":{"type":"string","description":"Default value to set in LDAP if \u003cspan pulumi-lang-nodejs=\"`isMandatoryInLdap`\" pulumi-lang-dotnet=\"`IsMandatoryInLdap`\" pulumi-lang-go=\"`isMandatoryInLdap`\" pulumi-lang-python=\"`is_mandatory_in_ldap`\" pulumi-lang-yaml=\"`isMandatoryInLdap`\" pulumi-lang-java=\"`isMandatoryInLdap`\"\u003e`is_mandatory_in_ldap`\u003c/span\u003e is true and the value is empty.\n"},"attributeForceDefault":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an empty default value is forced for mandatory attributes even when a default value is not specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"isBinaryAttribute":{"type":"boolean","description":"Should be true for binary LDAP attributes.\n"},"isMandatoryInLdap":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute must exist in LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"ldapAttribute":{"type":"string","description":"Name of the mapped attribute on the LDAP object.\n"},"ldapUserFederationId":{"type":"string","description":"The ID of the LDAP user federation provider to attach this mapper to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"Display name of this mapper when displayed in the console.\n"},"readOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"realmId":{"type":"string","description":"The realm that this LDAP mapper will exist in.\n","willReplaceOnChanges":true},"userModelAttribute":{"type":"string","description":"Name of the user property or attribute you want to map the LDAP attribute into.\n"}},"type":"object"}},"keycloak:ldap/userFederation:UserFederation":{"description":"Allows for creating and managing LDAP user federation providers within Keycloak.\n\nKeycloak can use an LDAP user federation provider to federate users to Keycloak\nfrom a directory system such as LDAP or Active Directory. Federated users\nwill exist within the realm and will be able to log in to clients. Federated\nusers can have their attributes defined using mappers.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n enabled: true,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n connectionTimeout: \"5s\",\n readTimeout: \"10s\",\n kerberos: {\n kerberosRealm: \"FOO.LOCAL\",\n serverPrincipal: \"HTTP/host.foo.com@FOO.LOCAL\",\n keyTab: \"/etc/host.keytab\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n enabled=True,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n connection_timeout=\"5s\",\n read_timeout=\"10s\",\n kerberos={\n \"kerberos_realm\": \"FOO.LOCAL\",\n \"server_principal\": \"HTTP/host.foo.com@FOO.LOCAL\",\n \"key_tab\": \"/etc/host.keytab\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n Enabled = true,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n ConnectionTimeout = \"5s\",\n ReadTimeout = \"10s\",\n Kerberos = new Keycloak.Ldap.Inputs.UserFederationKerberosArgs\n {\n KerberosRealm = \"FOO.LOCAL\",\n ServerPrincipal = \"HTTP/host.foo.com@FOO.LOCAL\",\n KeyTab = \"/etc/host.keytab\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tConnectionTimeout: pulumi.String(\"5s\"),\n\t\t\tReadTimeout: pulumi.String(\"10s\"),\n\t\t\tKerberos: \u0026ldap.UserFederationKerberosArgs{\n\t\t\t\tKerberosRealm: pulumi.String(\"FOO.LOCAL\"),\n\t\t\t\tServerPrincipal: pulumi.String(\"HTTP/host.foo.com@FOO.LOCAL\"),\n\t\t\t\tKeyTab: pulumi.String(\"/etc/host.keytab\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.inputs.UserFederationKerberosArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder()\n .name(\"openldap\")\n .realmId(realm.id())\n .enabled(true)\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .connectionTimeout(\"5s\")\n .readTimeout(\"10s\")\n .kerberos(UserFederationKerberosArgs.builder()\n .kerberosRealm(\"FOO.LOCAL\")\n .serverPrincipal(\"HTTP/host.foo.com@FOO.LOCAL\")\n .keyTab(\"/etc/host.keytab\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n enabled: true\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n connectionTimeout: 5s\n readTimeout: 10s\n kerberos:\n kerberosRealm: FOO.LOCAL\n serverPrincipal: HTTP/host.foo.com@FOO.LOCAL\n keyTab: /etc/host.keytab\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`.\nThe ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_ldap_user_federation.ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n\n","properties":{"batchSizeForSync":{"type":"integer","description":"The number of users to sync within a single transaction. Defaults to \u003cspan pulumi-lang-nodejs=\"`1000`\" pulumi-lang-dotnet=\"`1000`\" pulumi-lang-go=\"`1000`\" pulumi-lang-python=\"`1000`\" pulumi-lang-yaml=\"`1000`\" pulumi-lang-java=\"`1000`\"\u003e`1000`\u003c/span\u003e.\n"},"bindCredential":{"type":"string","description":"Password of LDAP admin. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindDn`\" pulumi-lang-dotnet=\"`BindDn`\" pulumi-lang-go=\"`bindDn`\" pulumi-lang-python=\"`bind_dn`\" pulumi-lang-yaml=\"`bindDn`\" pulumi-lang-java=\"`bindDn`\"\u003e`bind_dn`\u003c/span\u003e is set.\n","secret":true},"bindDn":{"type":"string","description":"DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindCredential`\" pulumi-lang-dotnet=\"`BindCredential`\" pulumi-lang-go=\"`bindCredential`\" pulumi-lang-python=\"`bind_credential`\" pulumi-lang-yaml=\"`bindCredential`\" pulumi-lang-java=\"`bindCredential`\"\u003e`bind_credential`\u003c/span\u003e is set.\n"},"cache":{"$ref":"#/types/keycloak:ldap/UserFederationCache:UserFederationCache","description":"A block containing the cache settings.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n"},"connectionPooling":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP connection pooling is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"connectionTimeout":{"type":"string","description":"LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"connectionUrl":{"type":"string","description":"Connection URL to the LDAP server.\n"},"customUserSearchFilter":{"type":"string","description":"Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n"},"debug":{"type":"string","description":"Can be one of \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Will enable/disable logging for Kerberos Authentication. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e:\n"},"deleteDefaultMappers":{"type":"boolean","description":"When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"editMode":{"type":"string","description":"Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n"},"importEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP users will be imported into the Keycloak database. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"kerberos":{"$ref":"#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos","description":"A block containing the kerberos settings.\n"},"krbPrincipalAttribute":{"type":"string","description":"Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"pagination":{"type":"boolean","description":"When true, Keycloak assumes the LDAP server supports pagination. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"rdnLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the relative distinguished name.\n"},"readTimeout":{"type":"string","description":"LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n"},"searchScope":{"type":"string","description":"Can be one of `ONE_LEVEL` or `SUBTREE`:\n- `ONE_LEVEL`: Only search for users in the DN specified by \u003cspan pulumi-lang-nodejs=\"`userDn`\" pulumi-lang-dotnet=\"`UserDn`\" pulumi-lang-go=\"`userDn`\" pulumi-lang-python=\"`user_dn`\" pulumi-lang-yaml=\"`userDn`\" pulumi-lang-java=\"`userDn`\"\u003e`user_dn`\u003c/span\u003e.\n- `SUBTREE`: Search entire LDAP subtree.\n"},"startTls":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n"},"syncRegistrations":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, newly created users will be synced back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"trustEmail":{"type":"boolean","description":"If enabled, email provided by this provider is not verified even if verification is enabled for the realm.\n"},"usePasswordModifyExtendedOp":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n"},"useTruststoreSpi":{"type":"string","description":"Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n- `ALWAYS` - Always use the truststore SPI for LDAP connections.\n- `NEVER` - Never use the truststore SPI for LDAP connections.\n- `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n"},"userObjectClasses":{"type":"array","items":{"type":"string"},"description":"Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n"},"usernameLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the Keycloak username.\n"},"usersDn":{"type":"string","description":"Full DN of LDAP tree where your users are.\n"},"uuidLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n"},"validatePasswordPolicy":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will validate passwords using the realm policy before updating it.\n"},"vendor":{"type":"string","description":"Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n"}},"required":["connectionUrl","krbPrincipalAttribute","name","rdnLdapAttribute","realmId","userObjectClasses","usernameLdapAttribute","usersDn","uuidLdapAttribute"],"inputProperties":{"batchSizeForSync":{"type":"integer","description":"The number of users to sync within a single transaction. Defaults to \u003cspan pulumi-lang-nodejs=\"`1000`\" pulumi-lang-dotnet=\"`1000`\" pulumi-lang-go=\"`1000`\" pulumi-lang-python=\"`1000`\" pulumi-lang-yaml=\"`1000`\" pulumi-lang-java=\"`1000`\"\u003e`1000`\u003c/span\u003e.\n"},"bindCredential":{"type":"string","description":"Password of LDAP admin. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindDn`\" pulumi-lang-dotnet=\"`BindDn`\" pulumi-lang-go=\"`bindDn`\" pulumi-lang-python=\"`bind_dn`\" pulumi-lang-yaml=\"`bindDn`\" pulumi-lang-java=\"`bindDn`\"\u003e`bind_dn`\u003c/span\u003e is set.\n","secret":true},"bindDn":{"type":"string","description":"DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindCredential`\" pulumi-lang-dotnet=\"`BindCredential`\" pulumi-lang-go=\"`bindCredential`\" pulumi-lang-python=\"`bind_credential`\" pulumi-lang-yaml=\"`bindCredential`\" pulumi-lang-java=\"`bindCredential`\"\u003e`bind_credential`\u003c/span\u003e is set.\n"},"cache":{"$ref":"#/types/keycloak:ldap/UserFederationCache:UserFederationCache","description":"A block containing the cache settings.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n"},"connectionPooling":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP connection pooling is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"connectionTimeout":{"type":"string","description":"LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"connectionUrl":{"type":"string","description":"Connection URL to the LDAP server.\n"},"customUserSearchFilter":{"type":"string","description":"Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n"},"debug":{"type":"string","description":"Can be one of \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Will enable/disable logging for Kerberos Authentication. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e:\n"},"deleteDefaultMappers":{"type":"boolean","description":"When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"editMode":{"type":"string","description":"Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n"},"importEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP users will be imported into the Keycloak database. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"kerberos":{"$ref":"#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos","description":"A block containing the kerberos settings.\n"},"krbPrincipalAttribute":{"type":"string","description":"Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"pagination":{"type":"boolean","description":"When true, Keycloak assumes the LDAP server supports pagination. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"rdnLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the relative distinguished name.\n"},"readTimeout":{"type":"string","description":"LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n","willReplaceOnChanges":true},"searchScope":{"type":"string","description":"Can be one of `ONE_LEVEL` or `SUBTREE`:\n- `ONE_LEVEL`: Only search for users in the DN specified by \u003cspan pulumi-lang-nodejs=\"`userDn`\" pulumi-lang-dotnet=\"`UserDn`\" pulumi-lang-go=\"`userDn`\" pulumi-lang-python=\"`user_dn`\" pulumi-lang-yaml=\"`userDn`\" pulumi-lang-java=\"`userDn`\"\u003e`user_dn`\u003c/span\u003e.\n- `SUBTREE`: Search entire LDAP subtree.\n"},"startTls":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n"},"syncRegistrations":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, newly created users will be synced back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"trustEmail":{"type":"boolean","description":"If enabled, email provided by this provider is not verified even if verification is enabled for the realm.\n"},"usePasswordModifyExtendedOp":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n"},"useTruststoreSpi":{"type":"string","description":"Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n- `ALWAYS` - Always use the truststore SPI for LDAP connections.\n- `NEVER` - Never use the truststore SPI for LDAP connections.\n- `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n"},"userObjectClasses":{"type":"array","items":{"type":"string"},"description":"Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n"},"usernameLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the Keycloak username.\n"},"usersDn":{"type":"string","description":"Full DN of LDAP tree where your users are.\n"},"uuidLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n"},"validatePasswordPolicy":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will validate passwords using the realm policy before updating it.\n"},"vendor":{"type":"string","description":"Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n"}},"requiredInputs":["connectionUrl","rdnLdapAttribute","realmId","userObjectClasses","usernameLdapAttribute","usersDn","uuidLdapAttribute"],"stateInputs":{"description":"Input properties used for looking up and filtering UserFederation resources.\n","properties":{"batchSizeForSync":{"type":"integer","description":"The number of users to sync within a single transaction. Defaults to \u003cspan pulumi-lang-nodejs=\"`1000`\" pulumi-lang-dotnet=\"`1000`\" pulumi-lang-go=\"`1000`\" pulumi-lang-python=\"`1000`\" pulumi-lang-yaml=\"`1000`\" pulumi-lang-java=\"`1000`\"\u003e`1000`\u003c/span\u003e.\n"},"bindCredential":{"type":"string","description":"Password of LDAP admin. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindDn`\" pulumi-lang-dotnet=\"`BindDn`\" pulumi-lang-go=\"`bindDn`\" pulumi-lang-python=\"`bind_dn`\" pulumi-lang-yaml=\"`bindDn`\" pulumi-lang-java=\"`bindDn`\"\u003e`bind_dn`\u003c/span\u003e is set.\n","secret":true},"bindDn":{"type":"string","description":"DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if \u003cspan pulumi-lang-nodejs=\"`bindCredential`\" pulumi-lang-dotnet=\"`BindCredential`\" pulumi-lang-go=\"`bindCredential`\" pulumi-lang-python=\"`bind_credential`\" pulumi-lang-yaml=\"`bindCredential`\" pulumi-lang-java=\"`bindCredential`\"\u003e`bind_credential`\u003c/span\u003e is set.\n"},"cache":{"$ref":"#/types/keycloak:ldap/UserFederationCache:UserFederationCache","description":"A block containing the cache settings.\n"},"changedSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n"},"connectionPooling":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP connection pooling is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"connectionTimeout":{"type":"string","description":"LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"connectionUrl":{"type":"string","description":"Connection URL to the LDAP server.\n"},"customUserSearchFilter":{"type":"string","description":"Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n"},"debug":{"type":"string","description":"Can be one of \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Will enable/disable logging for Kerberos Authentication. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e:\n"},"deleteDefaultMappers":{"type":"boolean","description":"When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"editMode":{"type":"string","description":"Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this provider will not be used when performing queries for users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullSyncPeriod":{"type":"integer","description":"How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n"},"importEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, LDAP users will be imported into the Keycloak database. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"kerberos":{"$ref":"#/types/keycloak:ldap/UserFederationKerberos:UserFederationKerberos","description":"A block containing the kerberos settings.\n"},"krbPrincipalAttribute":{"type":"string","description":"Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'.\n"},"name":{"type":"string","description":"Display name of the provider when displayed in the console.\n"},"pagination":{"type":"boolean","description":"When true, Keycloak assumes the LDAP server supports pagination. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"priority":{"type":"integer","description":"Priority of this provider when looking up users. Lower values are first. Defaults to \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n"},"rdnLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the relative distinguished name.\n"},"readTimeout":{"type":"string","description":"LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n"},"realmId":{"type":"string","description":"The realm that this provider will provide user federation for.\n","willReplaceOnChanges":true},"searchScope":{"type":"string","description":"Can be one of `ONE_LEVEL` or `SUBTREE`:\n- `ONE_LEVEL`: Only search for users in the DN specified by \u003cspan pulumi-lang-nodejs=\"`userDn`\" pulumi-lang-dotnet=\"`UserDn`\" pulumi-lang-go=\"`userDn`\" pulumi-lang-python=\"`user_dn`\" pulumi-lang-yaml=\"`userDn`\" pulumi-lang-java=\"`userDn`\"\u003e`user_dn`\u003c/span\u003e.\n- `SUBTREE`: Search entire LDAP subtree.\n"},"startTls":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.\n"},"syncRegistrations":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, newly created users will be synced back to LDAP. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"trustEmail":{"type":"boolean","description":"If enabled, email provided by this provider is not verified even if verification is enabled for the realm.\n"},"usePasswordModifyExtendedOp":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, use the LDAPv3 Password Modify Extended Operation (RFC-3062).\n"},"useTruststoreSpi":{"type":"string","description":"Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n- `ALWAYS` - Always use the truststore SPI for LDAP connections.\n- `NEVER` - Never use the truststore SPI for LDAP connections.\n- `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n"},"userObjectClasses":{"type":"array","items":{"type":"string"},"description":"Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n"},"usernameLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as the Keycloak username.\n"},"usersDn":{"type":"string","description":"Full DN of LDAP tree where your users are.\n"},"uuidLdapAttribute":{"type":"string","description":"Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n"},"validatePasswordPolicy":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will validate passwords using the realm policy before updating it.\n"},"vendor":{"type":"string","description":"Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.\n"}},"type":"object"}},"keycloak:oidc/facebookIdentityProvider:FacebookIdentityProvider":{"description":"Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst facebook = new keycloak.oidc.FacebookIdentityProvider(\"facebook\", {\n realm: realm.id,\n clientId: facebookIdentityProviderClientId,\n clientSecret: facebookIdentityProviderClientSecret,\n trustEmail: true,\n fetchedFields: \"picture\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nfacebook = keycloak.oidc.FacebookIdentityProvider(\"facebook\",\n realm=realm.id,\n client_id=facebook_identity_provider_client_id,\n client_secret=facebook_identity_provider_client_secret,\n trust_email=True,\n fetched_fields=\"picture\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var facebook = new Keycloak.Oidc.FacebookIdentityProvider(\"facebook\", new()\n {\n Realm = realm.Id,\n ClientId = facebookIdentityProviderClientId,\n ClientSecret = facebookIdentityProviderClientSecret,\n TrustEmail = true,\n FetchedFields = \"picture\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewFacebookIdentityProvider(ctx, \"facebook\", \u0026oidc.FacebookIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(facebookIdentityProviderClientId),\n\t\t\tClientSecret: pulumi.Any(facebookIdentityProviderClientSecret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tFetchedFields: pulumi.String(\"picture\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"myCustomConfigKey\": pulumi.String(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.FacebookIdentityProvider;\nimport com.pulumi.keycloak.oidc.FacebookIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var facebook = new FacebookIdentityProvider(\"facebook\", FacebookIdentityProviderArgs.builder()\n .realm(realm.id())\n .clientId(facebookIdentityProviderClientId)\n .clientSecret(facebookIdentityProviderClientSecret)\n .trustEmail(true)\n .fetchedFields(\"picture\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n facebook:\n type: keycloak:oidc:FacebookIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${facebookIdentityProviderClientId}\n clientSecret: ${facebookIdentityProviderClientSecret}\n trustEmail: true\n fetchedFields: picture\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFacebook Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where\u003cspan pulumi-lang-nodejs=\" idpAlias \" pulumi-lang-dotnet=\" IdpAlias \" pulumi-lang-go=\" idpAlias \" pulumi-lang-python=\" idp_alias \" pulumi-lang-yaml=\" idpAlias \" pulumi-lang-java=\" idpAlias \"\u003e idp_alias \u003c/span\u003eis the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_oidc_facebook_identity_provider.facebook.facebook_identity_provider my-realm/my-facebook-idp\n```\n\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"alias":{"type":"string","description":"The alias for the Facebook identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Facebook identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"fetchedFields":{"type":"string","description":"Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`facebook`\" pulumi-lang-dotnet=\"`Facebook`\" pulumi-lang-go=\"`facebook`\" pulumi-lang-python=\"`facebook`\" pulumi-lang-yaml=\"`facebook`\" pulumi-lang-java=\"`facebook`\"\u003e`facebook`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"required":["alias","clientId","clientSecret","displayName","internalId","realm"],"inputProperties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the Facebook identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Facebook identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"fetchedFields":{"type":"string","description":"Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`facebook`\" pulumi-lang-dotnet=\"`Facebook`\" pulumi-lang-go=\"`facebook`\" pulumi-lang-python=\"`facebook`\" pulumi-lang-yaml=\"`facebook`\" pulumi-lang-java=\"`facebook`\"\u003e`facebook`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"requiredInputs":["clientId","clientSecret","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering FacebookIdentityProvider resources.\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the Facebook identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Facebook identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"fetchedFields":{"type":"string","description":"Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`facebook`\" pulumi-lang-dotnet=\"`Facebook`\" pulumi-lang-go=\"`facebook`\" pulumi-lang-python=\"`facebook`\" pulumi-lang-yaml=\"`facebook`\" pulumi-lang-java=\"`facebook`\"\u003e`facebook`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:oidc/githubIdentityProvider:GithubIdentityProvider":{"description":"Allows for creating and managing **GitHub**-based OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\nThe GitHub variant is specialized for the public GitHub instance (github.com) or GitHub Enterprise deployments.\n\nFor example, it will obtain automatically the primary email from the logged in account.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst github = new keycloak.oidc.GithubIdentityProvider(\"github\", {\n realm: realm.id,\n clientId: githubIdentityProviderClientId,\n clientSecret: githubIdentityProviderClientSecret,\n trustEmail: true,\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngithub = keycloak.oidc.GithubIdentityProvider(\"github\",\n realm=realm.id,\n client_id=github_identity_provider_client_id,\n client_secret=github_identity_provider_client_secret,\n trust_email=True,\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var github = new Keycloak.Oidc.GithubIdentityProvider(\"github\", new()\n {\n Realm = realm.Id,\n ClientId = githubIdentityProviderClientId,\n ClientSecret = githubIdentityProviderClientSecret,\n TrustEmail = true,\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGithubIdentityProvider(ctx, \"github\", \u0026oidc.GithubIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(githubIdentityProviderClientId),\n\t\t\tClientSecret: pulumi.Any(githubIdentityProviderClientSecret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"myCustomConfigKey\": pulumi.String(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GithubIdentityProvider;\nimport com.pulumi.keycloak.oidc.GithubIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var github = new GithubIdentityProvider(\"github\", GithubIdentityProviderArgs.builder()\n .realm(realm.id())\n .clientId(githubIdentityProviderClientId)\n .clientSecret(githubIdentityProviderClientSecret)\n .trustEmail(true)\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n github:\n type: keycloak:oidc:GithubIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${githubIdentityProviderClientId}\n clientSecret: ${githubIdentityProviderClientSecret}\n trustEmail: true\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGitHub Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where\u003cspan pulumi-lang-nodejs=\" idpAlias \" pulumi-lang-dotnet=\" IdpAlias \" pulumi-lang-go=\" idpAlias \" pulumi-lang-python=\" idp_alias \" pulumi-lang-yaml=\" idpAlias \" pulumi-lang-java=\" idpAlias \"\u003e idp_alias \u003c/span\u003eis the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_oidc_github_identity_provider.github.github_identity_provider my-realm/my-github-idp\n```\n\n","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"alias":{"type":"string","description":"The alias for the GitHub identity provider.\n"},"apiUrl":{"type":"string","description":"The GitHub API URL, defaults to `https://api.github.com`.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"baseUrl":{"type":"string","description":"The GitHub base URL, defaults to `https://github.com`\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `user:email`.\n"},"displayName":{"type":"string","description":"Display name for the GitHub identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"githubJsonFormat":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, GitHub API is told explicitly to accept JSON during token authentication requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`github`\" pulumi-lang-dotnet=\"`Github`\" pulumi-lang-go=\"`github`\" pulumi-lang-python=\"`github`\" pulumi-lang-yaml=\"`github`\" pulumi-lang-java=\"`github`\"\u003e`github`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"required":["alias","clientId","clientSecret","displayName","internalId","realm"],"inputProperties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the GitHub identity provider.\n"},"apiUrl":{"type":"string","description":"The GitHub API URL, defaults to `https://api.github.com`.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"baseUrl":{"type":"string","description":"The GitHub base URL, defaults to `https://github.com`\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `user:email`.\n"},"displayName":{"type":"string","description":"Display name for the GitHub identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"githubJsonFormat":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, GitHub API is told explicitly to accept JSON during token authentication requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`github`\" pulumi-lang-dotnet=\"`Github`\" pulumi-lang-go=\"`github`\" pulumi-lang-python=\"`github`\" pulumi-lang-yaml=\"`github`\" pulumi-lang-java=\"`github`\"\u003e`github`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"requiredInputs":["clientId","clientSecret","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering GithubIdentityProvider resources.\n","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the GitHub identity provider.\n"},"apiUrl":{"type":"string","description":"The GitHub API URL, defaults to `https://api.github.com`.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"baseUrl":{"type":"string","description":"The GitHub base URL, defaults to `https://github.com`\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `user:email`.\n"},"displayName":{"type":"string","description":"Display name for the GitHub identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"githubJsonFormat":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, GitHub API is told explicitly to accept JSON during token authentication requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`github`\" pulumi-lang-dotnet=\"`Github`\" pulumi-lang-go=\"`github`\" pulumi-lang-python=\"`github`\" pulumi-lang-yaml=\"`github`\" pulumi-lang-java=\"`github`\"\u003e`github`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider":{"description":"Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst google = new keycloak.oidc.GoogleIdentityProvider(\"google\", {\n realm: realm.id,\n clientId: googleIdentityProviderClientId,\n clientSecret: googleIdentityProviderClientSecret,\n trustEmail: true,\n hostedDomain: \"example.com\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngoogle = keycloak.oidc.GoogleIdentityProvider(\"google\",\n realm=realm.id,\n client_id=google_identity_provider_client_id,\n client_secret=google_identity_provider_client_secret,\n trust_email=True,\n hosted_domain=\"example.com\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var google = new Keycloak.Oidc.GoogleIdentityProvider(\"google\", new()\n {\n Realm = realm.Id,\n ClientId = googleIdentityProviderClientId,\n ClientSecret = googleIdentityProviderClientSecret,\n TrustEmail = true,\n HostedDomain = \"example.com\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGoogleIdentityProvider(ctx, \"google\", \u0026oidc.GoogleIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(googleIdentityProviderClientId),\n\t\t\tClientSecret: pulumi.Any(googleIdentityProviderClientSecret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tHostedDomain: pulumi.String(\"example.com\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"myCustomConfigKey\": pulumi.String(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProvider;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var google = new GoogleIdentityProvider(\"google\", GoogleIdentityProviderArgs.builder()\n .realm(realm.id())\n .clientId(googleIdentityProviderClientId)\n .clientSecret(googleIdentityProviderClientSecret)\n .trustEmail(true)\n .hostedDomain(\"example.com\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n google:\n type: keycloak:oidc:GoogleIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${googleIdentityProviderClientId}\n clientSecret: ${googleIdentityProviderClientSecret}\n trustEmail: true\n hostedDomain: example.com\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogle Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where\u003cspan pulumi-lang-nodejs=\" idpAlias \" pulumi-lang-dotnet=\" IdpAlias \" pulumi-lang-go=\" idpAlias \" pulumi-lang-python=\" idp_alias \" pulumi-lang-yaml=\" idpAlias \" pulumi-lang-java=\" idpAlias \"\u003e idp_alias \u003c/span\u003eis the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_oidc_google_identity_provider.google.google_identity_provider my-realm/my-google-idp\n```\n\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"alias":{"type":"string","description":"The alias for the Google identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Google identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"hostedDomain":{"type":"string","description":"Sets the \"hd\" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`google`\" pulumi-lang-dotnet=\"`Google`\" pulumi-lang-go=\"`google`\" pulumi-lang-python=\"`google`\" pulumi-lang-yaml=\"`google`\" pulumi-lang-java=\"`google`\"\u003e`google`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"requestRefreshToken":{"type":"boolean","description":"Sets the \u003cspan pulumi-lang-nodejs=\"\"accessType\"\" pulumi-lang-dotnet=\"\"AccessType\"\" pulumi-lang-go=\"\"accessType\"\" pulumi-lang-python=\"\"access_type\"\" pulumi-lang-yaml=\"\"accessType\"\" pulumi-lang-java=\"\"accessType\"\"\u003e\"access_type\"\u003c/span\u003e query parameter to \"offline\" when redirecting to google authorization endpoint,to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"useUserIpParam":{"type":"boolean","description":"Sets the \"userIp\" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.\n"}},"required":["alias","clientId","clientSecret","displayName","internalId","realm"],"inputProperties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the Google identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Google identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"hostedDomain":{"type":"string","description":"Sets the \"hd\" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`google`\" pulumi-lang-dotnet=\"`Google`\" pulumi-lang-go=\"`google`\" pulumi-lang-python=\"`google`\" pulumi-lang-yaml=\"`google`\" pulumi-lang-java=\"`google`\"\u003e`google`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"requestRefreshToken":{"type":"boolean","description":"Sets the \u003cspan pulumi-lang-nodejs=\"\"accessType\"\" pulumi-lang-dotnet=\"\"AccessType\"\" pulumi-lang-go=\"\"accessType\"\" pulumi-lang-python=\"\"access_type\"\" pulumi-lang-yaml=\"\"accessType\"\" pulumi-lang-java=\"\"accessType\"\"\u003e\"access_type\"\u003c/span\u003e query parameter to \"offline\" when redirecting to google authorization endpoint,to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"useUserIpParam":{"type":"boolean","description":"Sets the \"userIp\" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.\n"}},"requiredInputs":["clientSecret","realm"],"stateInputs":{"description":"Input properties used for looking up and filtering GoogleIdentityProvider resources.\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias for the Google identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.\n","secret":true},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the Google identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this identity provider will be hidden on the login page. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"hostedDomain":{"type":"string","description":"Sets the \"hd\" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"orgDomain":{"type":"string"},"orgRedirectModeEmailMatches":{"type":"boolean"},"organizationId":{"type":"string","description":"ID of organization with which this identity is linked."},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`google`\" pulumi-lang-dotnet=\"`Google`\" pulumi-lang-go=\"`google`\" pulumi-lang-python=\"`google`\" pulumi-lang-yaml=\"`google`\" pulumi-lang-java=\"`google`\"\u003e`google`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"requestRefreshToken":{"type":"boolean","description":"Sets the \u003cspan pulumi-lang-nodejs=\"\"accessType\"\" pulumi-lang-dotnet=\"\"AccessType\"\" pulumi-lang-go=\"\"accessType\"\" pulumi-lang-python=\"\"access_type\"\" pulumi-lang-yaml=\"\"accessType\"\" pulumi-lang-java=\"\"accessType\"\"\u003e\"access_type\"\u003c/span\u003e query parameter to \"offline\" when redirecting to google authorization endpoint,to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"useUserIpParam":{"type":"boolean","description":"Sets the \"userIp\" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.\n"}},"type":"object"}},"keycloak:oidc/identityProvider:IdentityProvider":{"description":"Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n\u003e **NOTICE:** This resource now supports write-only arguments\n\u003e for client secret via the new arguments \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e. Using write-only arguments\n\u003e prevents sensitive values from being stored in plan and state files. You cannot use \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and\n\u003e \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e alongside \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e as this will result in a validation error due to conflicts.\n\u003e\n\u003e For backward compatibility, the behavior of the original \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e argument remains unchanged.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realm_identity_provider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n extraConfig: {\n clientAuthMethod: \"client_secret_post\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realm_identity_provider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n extra_config={\n \"clientAuthMethod\": \"client_secret_post\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realm_identity_provider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n ExtraConfig = \n {\n { \"clientAuthMethod\", \"client_secret_post\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realm_identity_provider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"clientAuthMethod\": pulumi.String(\"client_secret_post\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .extraConfig(Map.of(\"clientAuthMethod\", \"client_secret_post\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n name: realm_identity_provider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n extraConfig:\n clientAuthMethod: client_secret_post\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_oidc_identity_provider.realm_identity_provider my-realm/my-idp\n```\n\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n"},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"authorizationUrl":{"type":"string","description":"The Authorization Url.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout? Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. Required without \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e.\n","secret":true},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to \u003cspan pulumi-lang-nodejs=\"`openid`\" pulumi-lang-dotnet=\"`Openid`\" pulumi-lang-go=\"`openid`\" pulumi-lang-python=\"`openid`\" pulumi-lang-yaml=\"`openid`\" pulumi-lang-java=\"`openid`\"\u003e`openid`\u003c/span\u003e.\n"},"disableTypeClaimCheck":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the check for the \u003cspan pulumi-lang-nodejs=\"`typ`\" pulumi-lang-dotnet=\"`Typ`\" pulumi-lang-go=\"`typ`\" pulumi-lang-python=\"`typ`\" pulumi-lang-yaml=\"`typ`\" pulumi-lang-java=\"`typ`\"\u003e`typ`\u003c/span\u003e claim of tokens received from the identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n- `clientAuthMethod` (Optional) The client authentication method. Since Keycloak 8, this is a required attribute if OIDC provider is created using the Keycloak GUI. It accepts the values \u003cspan pulumi-lang-nodejs=\"`clientSecretPost`\" pulumi-lang-dotnet=\"`ClientSecretPost`\" pulumi-lang-go=\"`clientSecretPost`\" pulumi-lang-python=\"`client_secret_post`\" pulumi-lang-yaml=\"`clientSecretPost`\" pulumi-lang-java=\"`clientSecretPost`\"\u003e`client_secret_post`\u003c/span\u003e (Client secret sent as post), \u003cspan pulumi-lang-nodejs=\"`clientSecretBasic`\" pulumi-lang-dotnet=\"`ClientSecretBasic`\" pulumi-lang-go=\"`clientSecretBasic`\" pulumi-lang-python=\"`client_secret_basic`\" pulumi-lang-yaml=\"`clientSecretBasic`\" pulumi-lang-java=\"`clientSecretBasic`\"\u003e`client_secret_basic`\u003c/span\u003e (Client secret sent as basic auth), \u003cspan pulumi-lang-nodejs=\"`clientSecretJwt`\" pulumi-lang-dotnet=\"`ClientSecretJwt`\" pulumi-lang-go=\"`clientSecretJwt`\" pulumi-lang-python=\"`client_secret_jwt`\" pulumi-lang-yaml=\"`clientSecretJwt`\" pulumi-lang-java=\"`clientSecretJwt`\"\u003e`client_secret_jwt`\u003c/span\u003e (Client secret as jwt) and \u003cspan pulumi-lang-nodejs=\"`privateKeyJwt \" pulumi-lang-dotnet=\"`PrivateKeyJwt \" pulumi-lang-go=\"`privateKeyJwt \" pulumi-lang-python=\"`private_key_jwt \" pulumi-lang-yaml=\"`privateKeyJwt \" pulumi-lang-java=\"`privateKeyJwt \"\u003e`private_key_jwt \u003c/span\u003e` (JTW signed with private key)\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"issuer":{"type":"string","description":"The issuer identifier for the issuer of the response. If not provided, no validation will be performed.\n"},"jwksUrl":{"type":"string","description":"JSON Web Key Set URL.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Pass login hint to identity provider.\n"},"logoutUrl":{"type":"string","description":"The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. it is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect user to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"tokenUrl":{"type":"string","description":"The Token URL.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"uiLocales":{"type":"boolean","description":"Pass current locale to identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"userInfoUrl":{"type":"string","description":"User Info URL.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of external IDP signatures. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"required":["alias","authorizationUrl","clientId","displayName","internalId","realm","tokenUrl"],"inputProperties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"authorizationUrl":{"type":"string","description":"The Authorization Url.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout? Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. Required without \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e.\n","secret":true},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to \u003cspan pulumi-lang-nodejs=\"`openid`\" pulumi-lang-dotnet=\"`Openid`\" pulumi-lang-go=\"`openid`\" pulumi-lang-python=\"`openid`\" pulumi-lang-yaml=\"`openid`\" pulumi-lang-java=\"`openid`\"\u003e`openid`\u003c/span\u003e.\n"},"disableTypeClaimCheck":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the check for the \u003cspan pulumi-lang-nodejs=\"`typ`\" pulumi-lang-dotnet=\"`Typ`\" pulumi-lang-go=\"`typ`\" pulumi-lang-python=\"`typ`\" pulumi-lang-yaml=\"`typ`\" pulumi-lang-java=\"`typ`\"\u003e`typ`\u003c/span\u003e claim of tokens received from the identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n- `clientAuthMethod` (Optional) The client authentication method. Since Keycloak 8, this is a required attribute if OIDC provider is created using the Keycloak GUI. It accepts the values \u003cspan pulumi-lang-nodejs=\"`clientSecretPost`\" pulumi-lang-dotnet=\"`ClientSecretPost`\" pulumi-lang-go=\"`clientSecretPost`\" pulumi-lang-python=\"`client_secret_post`\" pulumi-lang-yaml=\"`clientSecretPost`\" pulumi-lang-java=\"`clientSecretPost`\"\u003e`client_secret_post`\u003c/span\u003e (Client secret sent as post), \u003cspan pulumi-lang-nodejs=\"`clientSecretBasic`\" pulumi-lang-dotnet=\"`ClientSecretBasic`\" pulumi-lang-go=\"`clientSecretBasic`\" pulumi-lang-python=\"`client_secret_basic`\" pulumi-lang-yaml=\"`clientSecretBasic`\" pulumi-lang-java=\"`clientSecretBasic`\"\u003e`client_secret_basic`\u003c/span\u003e (Client secret sent as basic auth), \u003cspan pulumi-lang-nodejs=\"`clientSecretJwt`\" pulumi-lang-dotnet=\"`ClientSecretJwt`\" pulumi-lang-go=\"`clientSecretJwt`\" pulumi-lang-python=\"`client_secret_jwt`\" pulumi-lang-yaml=\"`clientSecretJwt`\" pulumi-lang-java=\"`clientSecretJwt`\"\u003e`client_secret_jwt`\u003c/span\u003e (Client secret as jwt) and \u003cspan pulumi-lang-nodejs=\"`privateKeyJwt \" pulumi-lang-dotnet=\"`PrivateKeyJwt \" pulumi-lang-go=\"`privateKeyJwt \" pulumi-lang-python=\"`private_key_jwt \" pulumi-lang-yaml=\"`privateKeyJwt \" pulumi-lang-java=\"`privateKeyJwt \"\u003e`private_key_jwt \u003c/span\u003e` (JTW signed with private key)\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"issuer":{"type":"string","description":"The issuer identifier for the issuer of the response. If not provided, no validation will be performed.\n"},"jwksUrl":{"type":"string","description":"JSON Web Key Set URL.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Pass login hint to identity provider.\n"},"logoutUrl":{"type":"string","description":"The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. it is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect user to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"tokenUrl":{"type":"string","description":"The Token URL.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"uiLocales":{"type":"boolean","description":"Pass current locale to identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"userInfoUrl":{"type":"string","description":"User Info URL.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of external IDP signatures. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"requiredInputs":["alias","authorizationUrl","clientId","realm","tokenUrl"],"stateInputs":{"description":"Input properties used for looking up and filtering IdentityProvider resources.\n","properties":{"acceptsPromptNoneForwardFromClient":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Enable/disable authenticate users by default."},"authorizationUrl":{"type":"string","description":"The Authorization Url.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout? Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client or client identifier registered within the identity provider.\n"},"clientSecret":{"type":"string","description":"The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. Required without \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e.\n","secret":true},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"defaultScopes":{"type":"string","description":"The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to \u003cspan pulumi-lang-nodejs=\"`openid`\" pulumi-lang-dotnet=\"`Openid`\" pulumi-lang-go=\"`openid`\" pulumi-lang-python=\"`openid`\" pulumi-lang-yaml=\"`openid`\" pulumi-lang-java=\"`openid`\"\u003e`openid`\u003c/span\u003e.\n"},"disableTypeClaimCheck":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the check for the \u003cspan pulumi-lang-nodejs=\"`typ`\" pulumi-lang-dotnet=\"`Typ`\" pulumi-lang-go=\"`typ`\" pulumi-lang-python=\"`typ`\" pulumi-lang-yaml=\"`typ`\" pulumi-lang-java=\"`typ`\"\u003e`typ`\u003c/span\u003e claim of tokens received from the identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableUserInfo":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, disables the usage of the user info service to obtain additional user information. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"Display name for the identity provider in the GUI.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users will be able to log in to this realm using this identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n- `clientAuthMethod` (Optional) The client authentication method. Since Keycloak 8, this is a required attribute if OIDC provider is created using the Keycloak GUI. It accepts the values \u003cspan pulumi-lang-nodejs=\"`clientSecretPost`\" pulumi-lang-dotnet=\"`ClientSecretPost`\" pulumi-lang-go=\"`clientSecretPost`\" pulumi-lang-python=\"`client_secret_post`\" pulumi-lang-yaml=\"`clientSecretPost`\" pulumi-lang-java=\"`clientSecretPost`\"\u003e`client_secret_post`\u003c/span\u003e (Client secret sent as post), \u003cspan pulumi-lang-nodejs=\"`clientSecretBasic`\" pulumi-lang-dotnet=\"`ClientSecretBasic`\" pulumi-lang-go=\"`clientSecretBasic`\" pulumi-lang-python=\"`client_secret_basic`\" pulumi-lang-yaml=\"`clientSecretBasic`\" pulumi-lang-java=\"`clientSecretBasic`\"\u003e`client_secret_basic`\u003c/span\u003e (Client secret sent as basic auth), \u003cspan pulumi-lang-nodejs=\"`clientSecretJwt`\" pulumi-lang-dotnet=\"`ClientSecretJwt`\" pulumi-lang-go=\"`clientSecretJwt`\" pulumi-lang-python=\"`client_secret_jwt`\" pulumi-lang-yaml=\"`clientSecretJwt`\" pulumi-lang-java=\"`clientSecretJwt`\"\u003e`client_secret_jwt`\u003c/span\u003e (Client secret as jwt) and \u003cspan pulumi-lang-nodejs=\"`privateKeyJwt \" pulumi-lang-dotnet=\"`PrivateKeyJwt \" pulumi-lang-go=\"`privateKeyJwt \" pulumi-lang-python=\"`private_key_jwt \" pulumi-lang-yaml=\"`privateKeyJwt \" pulumi-lang-java=\"`privateKeyJwt \"\u003e`private_key_jwt \u003c/span\u003e` (JTW signed with private key)\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"internalId":{"type":"string","description":"(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.\n"},"issuer":{"type":"string","description":"The issuer identifier for the issuer of the response. If not provided, no validation will be performed.\n"},"jwksUrl":{"type":"string","description":"JSON Web Key Set URL.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Pass login hint to identity provider.\n"},"logoutUrl":{"type":"string","description":"The Logout URL is the end session endpoint to use to sign-out the user from external identity provider.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. it is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect user to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"tokenUrl":{"type":"string","description":"The Token URL.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"uiLocales":{"type":"boolean","description":"Pass current locale to identity provider. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"userInfoUrl":{"type":"string","description":"User Info URL.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of external IDP signatures. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper":{"description":"Allows for creating and managing audience protocol mappers within Keycloak.\n\nAudience protocol mappers allow you to add audiences to the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim within issued tokens. The audience can be a custom\nstring, or it can be mapped to the ID of a pre-existing client.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"includedClientAudience":{"type":"string","description":"A client ID to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"includedCustomAudience":{"type":"string","description":"A custom audience to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"includedClientAudience":{"type":"string","description":"A client ID to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"includedCustomAudience":{"type":"string","description":"A custom audience to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering AudienceProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the audience should be included in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim for the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"includedClientAudience":{"type":"string","description":"A client ID to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"includedCustomAudience":{"type":"string","description":"A custom audience to include within the token's \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim. Conflicts with \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedClientAudience`\" pulumi-lang-dotnet=\"`IncludedClientAudience`\" pulumi-lang-go=\"`includedClientAudience`\" pulumi-lang-python=\"`included_client_audience`\" pulumi-lang-yaml=\"`includedClientAudience`\" pulumi-lang-java=\"`includedClientAudience`\"\u003e`included_client_audience`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedCustomAudience`\" pulumi-lang-dotnet=\"`IncludedCustomAudience`\" pulumi-lang-go=\"`includedCustomAudience`\" pulumi-lang-python=\"`included_custom_audience`\" pulumi-lang-yaml=\"`includedCustomAudience`\" pulumi-lang-java=\"`includedCustomAudience`\"\u003e`included_custom_audience`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper":{"description":"Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"my-audience-resolve-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"my-audience-resolve-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"my-audience-resolve-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"my-audience-resolve-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"my-audience-resolve-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: my-audience-resolve-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI. Defaults to \"audience resolve\".\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["name","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI. Defaults to \"audience resolve\".\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering AudienceResolveProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI. Defaults to \"audience resolve\".\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"},"aliases":[{"type":"keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter"}]},"keycloak:openid/client:Client":{"description":"Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n\u003e **NOTICE:** This resource now supports write-only arguments\n\u003e for client secret via the new arguments \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e. Using write-only arguments\n\u003e prevents sensitive values from being stored in plan and state files. You cannot use \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and\n\u003e \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e alongside \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e as this will result in a validation error due to conflicts.\n\u003e\n\u003e For backward compatibility, the behavior of the original \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e argument remains unchanged.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n loginTheme: \"keycloak\",\n extraConfig: {\n key1: \"value1\",\n key2: \"value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"],\n login_theme=\"keycloak\",\n extra_config={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n LoginTheme = \"keycloak\",\n ExtraConfig = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t\tLoginTheme: pulumi.String(\"keycloak\"),\n\t\t\tExtraConfig: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1\"),\n\t\t\t\t\"key2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .loginTheme(\"keycloak\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/openid-callback\n loginTheme: keycloak\n extraConfig:\n key1: value1\n key2: value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### With Regenerating The Client Secret Using Time Provider\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\nimport * as time from \"@pulumi/time\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst rotate = new time.index.Rotating(\"rotate\", {rotationDays: 10});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n clientSecretRegenerateWhenChanged: {\n rotation: rotate.rotationRfc3339,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\nimport pulumi_time as time\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrotate = time.index.Rotating(\"rotate\", rotation_days=10)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n client_secret_regenerate_when_changed={\n \"rotation\": rotate[\"rotationRfc3339\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var rotate = new Time.Index.Rotating(\"rotate\", new()\n {\n RotationDays = 10,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ClientSecretRegenerateWhenChanged = \n {\n { \"rotation\", rotate.RotationRfc3339 },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trotate, err := time.NewRotating(ctx, \"rotate\", \u0026time.RotatingArgs{\n\t\t\tRotationDays: 10,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientSecretRegenerateWhenChanged: pulumi.StringMap{\n\t\t\t\t\"rotation\": rotate.RotationRfc3339,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.time.Rotating;\nimport com.pulumi.time.RotatingArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var rotate = new Rotating(\"rotate\", RotatingArgs.builder()\n .rotationDays(10)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .clientSecretRegenerateWhenChanged(Map.of(\"rotation\", rotate.rotationRfc3339()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n rotate:\n type: time:Rotating\n properties:\n rotationDays: 10\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n clientSecretRegenerateWhenChanged:\n rotation: ${rotate.rotationRfc3339}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where \u003cspan pulumi-lang-nodejs=\"`clientKeycloakId`\" pulumi-lang-dotnet=\"`ClientKeycloakId`\" pulumi-lang-go=\"`clientKeycloakId`\" pulumi-lang-python=\"`client_keycloak_id`\" pulumi-lang-yaml=\"`clientKeycloakId`\" pulumi-lang-java=\"`clientKeycloakId`\"\u003e`client_keycloak_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\nterraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n\n","properties":{"accessTokenLifespan":{"type":"string","description":"The amount of time in seconds before an access token expires. This will override the default for the realm.\n"},"accessType":{"type":"string","description":"Specifies the type of client, which can be one of the following:\n- `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\nThis client should be used for applications using the Authorization Code or Client Credentials grant flows.\n- `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\nURIs for security. This client should be used for applications using the Implicit grant flow.\n- `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n"},"adminUrl":{"type":"string","description":"URL to the admin interface of the client.\n"},"allowRefreshTokenInStandardTokenExchange":{"type":"string","description":"Defines whether to allow refresh token in Standard Token Exchange. Possible values are `NO` (default) and `SAME_SESSION`.\n"},"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"authorization":{"$ref":"#/types/keycloak:openid/ClientAuthorization:ClientAuthorization","description":"When this block is present, fine-grained authorization will be enabled for this client. The client's \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e must be `CONFIDENTIAL`, and \u003cspan pulumi-lang-nodejs=\"`serviceAccountsEnabled`\" pulumi-lang-dotnet=\"`ServiceAccountsEnabled`\" pulumi-lang-go=\"`serviceAccountsEnabled`\" pulumi-lang-python=\"`service_accounts_enabled`\" pulumi-lang-yaml=\"`serviceAccountsEnabled`\" pulumi-lang-java=\"`serviceAccountsEnabled`\"\u003e`service_accounts_enabled`\u003c/span\u003e must be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. This block has the following arguments:\n"},"backchannelLogoutRevokeOfflineSessions":{"type":"boolean","description":"Specifying whether a \u003cspan pulumi-lang-nodejs=\"\"revokeOfflineAccess\"\" pulumi-lang-dotnet=\"\"RevokeOfflineAccess\"\" pulumi-lang-go=\"\"revokeOfflineAccess\"\" pulumi-lang-python=\"\"revoke_offline_access\"\" pulumi-lang-yaml=\"\"revokeOfflineAccess\"\" pulumi-lang-java=\"\"revokeOfflineAccess\"\"\u003e\"revoke_offline_access\"\u003c/span\u003e event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n"},"backchannelLogoutSessionRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"backchannelLogoutUrl":{"type":"string","description":"The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n"},"baseUrl":{"type":"string","description":"Default URL to use when the auth server needs to redirect or link back to the client.\n"},"clientAuthenticatorType":{"type":"string","description":"Defaults to `client-secret`. The authenticator type for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n"},"clientId":{"type":"string","description":"The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n"},"clientOfflineSessionIdleTimeout":{"type":"string","description":"Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n"},"clientOfflineSessionMaxLifespan":{"type":"string","description":"Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n"},"clientSecret":{"type":"string","description":"The secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n","secret":true},"clientSecretRegenerateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"Arbitrary map of values that, when changed, will trigger rotation of the secret. NOTE! Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e attribute and can't be used together\n"},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"clientSessionIdleTimeout":{"type":"string","description":"Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n"},"clientSessionMaxLifespan":{"type":"string","description":"Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"consentScreenText":{"type":"string","description":"The text to display on the consent screen about permissions specific to this client. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`displayOnConsentScreen`\" pulumi-lang-dotnet=\"`DisplayOnConsentScreen`\" pulumi-lang-go=\"`displayOnConsentScreen`\" pulumi-lang-python=\"`display_on_consent_screen`\" pulumi-lang-yaml=\"`displayOnConsentScreen`\" pulumi-lang-java=\"`displayOnConsentScreen`\"\u003e`display_on_consent_screen`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"directAccessGrantsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayOnConsentScreen":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the consent screen will display information about the client itself. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`consentRequired`\" pulumi-lang-dotnet=\"`ConsentRequired`\" pulumi-lang-go=\"`consentRequired`\" pulumi-lang-python=\"`consent_required`\" pulumi-lang-yaml=\"`consentRequired`\" pulumi-lang-java=\"`consentRequired`\"\u003e`consent_required`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"excludeIssuerFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`iss`\" pulumi-lang-dotnet=\"`Iss`\" pulumi-lang-go=\"`iss`\" pulumi-lang-python=\"`iss`\" pulumi-lang-yaml=\"`iss`\" pulumi-lang-java=\"`iss`\"\u003e`iss`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"excludeSessionStateFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`sessionState`\" pulumi-lang-dotnet=\"`SessionState`\" pulumi-lang-go=\"`sessionState`\" pulumi-lang-python=\"`session_state`\" pulumi-lang-yaml=\"`sessionState`\" pulumi-lang-java=\"`sessionState`\"\u003e`session_state`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. For example, the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e map can be used to set Authentication Context Class Reference (ACR) to Level of Authentication (LoA) mapping\n"},"frontchannelLogoutEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, frontchannel logout will be enabled for this client. Specify the url with \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutUrl`\" pulumi-lang-dotnet=\"`FrontchannelLogoutUrl`\" pulumi-lang-go=\"`frontchannelLogoutUrl`\" pulumi-lang-python=\"`frontchannel_logout_url`\" pulumi-lang-yaml=\"`frontchannelLogoutUrl`\" pulumi-lang-java=\"`frontchannelLogoutUrl`\"\u003e`frontchannel_logout_url`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"frontchannelLogoutUrl":{"type":"string","description":"The frontchannel logout url. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutEnabled`\" pulumi-lang-dotnet=\"`FrontchannelLogoutEnabled`\" pulumi-lang-go=\"`frontchannelLogoutEnabled`\" pulumi-lang-python=\"`frontchannel_logout_enabled`\" pulumi-lang-yaml=\"`frontchannelLogoutEnabled`\" pulumi-lang-java=\"`frontchannelLogoutEnabled`\"\u003e`frontchannel_logout_enabled`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token.\n"},"implicitFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Implicit Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the client with the specified \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`account`\" pulumi-lang-dotnet=\"`Account`\" pulumi-lang-go=\"`account`\" pulumi-lang-python=\"`account`\" pulumi-lang-yaml=\"`account`\" pulumi-lang-java=\"`account`\"\u003e`account`\u003c/span\u003e and `admin-cli`. Note, that the client will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"loginTheme":{"type":"string","description":"The client login theme. This will override the default theme for the realm.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"oauth2DeviceAuthorizationGrantEnabled":{"type":"boolean","description":"Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n"},"oauth2DeviceCodeLifespan":{"type":"string","description":"The maximum amount of time a client has to finish the device code flow before it expires.\n"},"oauth2DevicePollingInterval":{"type":"string","description":"The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n"},"pkceCodeChallengeMethod":{"type":"string","description":"The challenge method to use for Proof Key for Code Exchange. Can be either \u003cspan pulumi-lang-nodejs=\"`plain`\" pulumi-lang-dotnet=\"`Plain`\" pulumi-lang-go=\"`plain`\" pulumi-lang-python=\"`plain`\" pulumi-lang-yaml=\"`plain`\" pulumi-lang-java=\"`plain`\"\u003e`plain`\u003c/span\u003e or `S256` or set to empty value ``.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n"},"requireDpopBoundTokens":{"type":"boolean","description":"Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.\n"},"resourceServerId":{"type":"string","description":"(Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).\n"},"rootUrl":{"type":"string","description":"When specified, this URL is prepended to any relative URLs found within \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e. NOTE: Due to limitations in the Keycloak API, when the \u003cspan pulumi-lang-nodejs=\"`rootUrl`\" pulumi-lang-dotnet=\"`RootUrl`\" pulumi-lang-go=\"`rootUrl`\" pulumi-lang-python=\"`root_url`\" pulumi-lang-yaml=\"`rootUrl`\" pulumi-lang-java=\"`rootUrl`\"\u003e`root_url`\u003c/span\u003e attribute is used, the \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e attributes will be required.\n"},"serviceAccountUserId":{"type":"string","description":"(Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n"},"serviceAccountsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardTokenExchangeEnabled":{"type":"boolean","description":"Enables support for Standard Token Exchange\n"},"useRefreshTokens":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"useRefreshTokensClientCredentials":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response if the\u003cspan pulumi-lang-nodejs=\" clientCredentials \" pulumi-lang-dotnet=\" ClientCredentials \" pulumi-lang-go=\" clientCredentials \" pulumi-lang-python=\" client_credentials \" pulumi-lang-yaml=\" clientCredentials \" pulumi-lang-java=\" clientCredentials \"\u003e client_credentials \u003c/span\u003egrant is used and a user session will be created. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validPostLogoutRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful logout.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either \u003cspan pulumi-lang-nodejs=\"`standardFlowEnabled`\" pulumi-lang-dotnet=\"`StandardFlowEnabled`\" pulumi-lang-go=\"`standardFlowEnabled`\" pulumi-lang-python=\"`standard_flow_enabled`\" pulumi-lang-yaml=\"`standardFlowEnabled`\" pulumi-lang-java=\"`standardFlowEnabled`\"\u003e`standard_flow_enabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`implicitFlowEnabled`\" pulumi-lang-dotnet=\"`ImplicitFlowEnabled`\" pulumi-lang-go=\"`implicitFlowEnabled`\" pulumi-lang-python=\"`implicit_flow_enabled`\" pulumi-lang-yaml=\"`implicitFlowEnabled`\" pulumi-lang-java=\"`implicitFlowEnabled`\"\u003e`implicit_flow_enabled`\u003c/span\u003e\nis set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"webOrigins":{"type":"array","items":{"type":"string"},"description":"A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n"}},"required":["accessTokenLifespan","accessType","adminUrl","baseUrl","clientId","clientOfflineSessionIdleTimeout","clientOfflineSessionMaxLifespan","clientSecret","clientSessionIdleTimeout","clientSessionMaxLifespan","consentRequired","consentScreenText","directAccessGrantsEnabled","displayOnConsentScreen","excludeIssuerFromAuthResponse","excludeSessionStateFromAuthResponse","frontchannelLogoutEnabled","implicitFlowEnabled","name","realmId","requireDpopBoundTokens","resourceServerId","rootUrl","serviceAccountUserId","serviceAccountsEnabled","standardFlowEnabled","validPostLogoutRedirectUris","validRedirectUris","webOrigins"],"inputProperties":{"accessTokenLifespan":{"type":"string","description":"The amount of time in seconds before an access token expires. This will override the default for the realm.\n"},"accessType":{"type":"string","description":"Specifies the type of client, which can be one of the following:\n- `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\nThis client should be used for applications using the Authorization Code or Client Credentials grant flows.\n- `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\nURIs for security. This client should be used for applications using the Implicit grant flow.\n- `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n"},"adminUrl":{"type":"string","description":"URL to the admin interface of the client.\n"},"allowRefreshTokenInStandardTokenExchange":{"type":"string","description":"Defines whether to allow refresh token in Standard Token Exchange. Possible values are `NO` (default) and `SAME_SESSION`.\n"},"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"authorization":{"$ref":"#/types/keycloak:openid/ClientAuthorization:ClientAuthorization","description":"When this block is present, fine-grained authorization will be enabled for this client. The client's \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e must be `CONFIDENTIAL`, and \u003cspan pulumi-lang-nodejs=\"`serviceAccountsEnabled`\" pulumi-lang-dotnet=\"`ServiceAccountsEnabled`\" pulumi-lang-go=\"`serviceAccountsEnabled`\" pulumi-lang-python=\"`service_accounts_enabled`\" pulumi-lang-yaml=\"`serviceAccountsEnabled`\" pulumi-lang-java=\"`serviceAccountsEnabled`\"\u003e`service_accounts_enabled`\u003c/span\u003e must be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. This block has the following arguments:\n"},"backchannelLogoutRevokeOfflineSessions":{"type":"boolean","description":"Specifying whether a \u003cspan pulumi-lang-nodejs=\"\"revokeOfflineAccess\"\" pulumi-lang-dotnet=\"\"RevokeOfflineAccess\"\" pulumi-lang-go=\"\"revokeOfflineAccess\"\" pulumi-lang-python=\"\"revoke_offline_access\"\" pulumi-lang-yaml=\"\"revokeOfflineAccess\"\" pulumi-lang-java=\"\"revokeOfflineAccess\"\"\u003e\"revoke_offline_access\"\u003c/span\u003e event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n"},"backchannelLogoutSessionRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"backchannelLogoutUrl":{"type":"string","description":"The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n"},"baseUrl":{"type":"string","description":"Default URL to use when the auth server needs to redirect or link back to the client.\n"},"clientAuthenticatorType":{"type":"string","description":"Defaults to `client-secret`. The authenticator type for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n"},"clientId":{"type":"string","description":"The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n"},"clientOfflineSessionIdleTimeout":{"type":"string","description":"Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n"},"clientOfflineSessionMaxLifespan":{"type":"string","description":"Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n"},"clientSecret":{"type":"string","description":"The secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n","secret":true},"clientSecretRegenerateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"Arbitrary map of values that, when changed, will trigger rotation of the secret. NOTE! Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e attribute and can't be used together\n"},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"clientSessionIdleTimeout":{"type":"string","description":"Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n"},"clientSessionMaxLifespan":{"type":"string","description":"Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"consentScreenText":{"type":"string","description":"The text to display on the consent screen about permissions specific to this client. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`displayOnConsentScreen`\" pulumi-lang-dotnet=\"`DisplayOnConsentScreen`\" pulumi-lang-go=\"`displayOnConsentScreen`\" pulumi-lang-python=\"`display_on_consent_screen`\" pulumi-lang-yaml=\"`displayOnConsentScreen`\" pulumi-lang-java=\"`displayOnConsentScreen`\"\u003e`display_on_consent_screen`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"directAccessGrantsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayOnConsentScreen":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the consent screen will display information about the client itself. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`consentRequired`\" pulumi-lang-dotnet=\"`ConsentRequired`\" pulumi-lang-go=\"`consentRequired`\" pulumi-lang-python=\"`consent_required`\" pulumi-lang-yaml=\"`consentRequired`\" pulumi-lang-java=\"`consentRequired`\"\u003e`consent_required`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"excludeIssuerFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`iss`\" pulumi-lang-dotnet=\"`Iss`\" pulumi-lang-go=\"`iss`\" pulumi-lang-python=\"`iss`\" pulumi-lang-yaml=\"`iss`\" pulumi-lang-java=\"`iss`\"\u003e`iss`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"excludeSessionStateFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`sessionState`\" pulumi-lang-dotnet=\"`SessionState`\" pulumi-lang-go=\"`sessionState`\" pulumi-lang-python=\"`session_state`\" pulumi-lang-yaml=\"`sessionState`\" pulumi-lang-java=\"`sessionState`\"\u003e`session_state`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. For example, the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e map can be used to set Authentication Context Class Reference (ACR) to Level of Authentication (LoA) mapping\n"},"frontchannelLogoutEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, frontchannel logout will be enabled for this client. Specify the url with \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutUrl`\" pulumi-lang-dotnet=\"`FrontchannelLogoutUrl`\" pulumi-lang-go=\"`frontchannelLogoutUrl`\" pulumi-lang-python=\"`frontchannel_logout_url`\" pulumi-lang-yaml=\"`frontchannelLogoutUrl`\" pulumi-lang-java=\"`frontchannelLogoutUrl`\"\u003e`frontchannel_logout_url`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"frontchannelLogoutUrl":{"type":"string","description":"The frontchannel logout url. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutEnabled`\" pulumi-lang-dotnet=\"`FrontchannelLogoutEnabled`\" pulumi-lang-go=\"`frontchannelLogoutEnabled`\" pulumi-lang-python=\"`frontchannel_logout_enabled`\" pulumi-lang-yaml=\"`frontchannelLogoutEnabled`\" pulumi-lang-java=\"`frontchannelLogoutEnabled`\"\u003e`frontchannel_logout_enabled`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token.\n"},"implicitFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Implicit Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the client with the specified \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`account`\" pulumi-lang-dotnet=\"`Account`\" pulumi-lang-go=\"`account`\" pulumi-lang-python=\"`account`\" pulumi-lang-yaml=\"`account`\" pulumi-lang-java=\"`account`\"\u003e`account`\u003c/span\u003e and `admin-cli`. Note, that the client will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"loginTheme":{"type":"string","description":"The client login theme. This will override the default theme for the realm.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"oauth2DeviceAuthorizationGrantEnabled":{"type":"boolean","description":"Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n"},"oauth2DeviceCodeLifespan":{"type":"string","description":"The maximum amount of time a client has to finish the device code flow before it expires.\n"},"oauth2DevicePollingInterval":{"type":"string","description":"The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n"},"pkceCodeChallengeMethod":{"type":"string","description":"The challenge method to use for Proof Key for Code Exchange. Can be either \u003cspan pulumi-lang-nodejs=\"`plain`\" pulumi-lang-dotnet=\"`Plain`\" pulumi-lang-go=\"`plain`\" pulumi-lang-python=\"`plain`\" pulumi-lang-yaml=\"`plain`\" pulumi-lang-java=\"`plain`\"\u003e`plain`\u003c/span\u003e or `S256` or set to empty value ``.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n","willReplaceOnChanges":true},"requireDpopBoundTokens":{"type":"boolean","description":"Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.\n"},"rootUrl":{"type":"string","description":"When specified, this URL is prepended to any relative URLs found within \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e. NOTE: Due to limitations in the Keycloak API, when the \u003cspan pulumi-lang-nodejs=\"`rootUrl`\" pulumi-lang-dotnet=\"`RootUrl`\" pulumi-lang-go=\"`rootUrl`\" pulumi-lang-python=\"`root_url`\" pulumi-lang-yaml=\"`rootUrl`\" pulumi-lang-java=\"`rootUrl`\"\u003e`root_url`\u003c/span\u003e attribute is used, the \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e attributes will be required.\n"},"serviceAccountsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardTokenExchangeEnabled":{"type":"boolean","description":"Enables support for Standard Token Exchange\n"},"useRefreshTokens":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"useRefreshTokensClientCredentials":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response if the\u003cspan pulumi-lang-nodejs=\" clientCredentials \" pulumi-lang-dotnet=\" ClientCredentials \" pulumi-lang-go=\" clientCredentials \" pulumi-lang-python=\" client_credentials \" pulumi-lang-yaml=\" clientCredentials \" pulumi-lang-java=\" clientCredentials \"\u003e client_credentials \u003c/span\u003egrant is used and a user session will be created. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validPostLogoutRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful logout.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either \u003cspan pulumi-lang-nodejs=\"`standardFlowEnabled`\" pulumi-lang-dotnet=\"`StandardFlowEnabled`\" pulumi-lang-go=\"`standardFlowEnabled`\" pulumi-lang-python=\"`standard_flow_enabled`\" pulumi-lang-yaml=\"`standardFlowEnabled`\" pulumi-lang-java=\"`standardFlowEnabled`\"\u003e`standard_flow_enabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`implicitFlowEnabled`\" pulumi-lang-dotnet=\"`ImplicitFlowEnabled`\" pulumi-lang-go=\"`implicitFlowEnabled`\" pulumi-lang-python=\"`implicit_flow_enabled`\" pulumi-lang-yaml=\"`implicitFlowEnabled`\" pulumi-lang-java=\"`implicitFlowEnabled`\"\u003e`implicit_flow_enabled`\u003c/span\u003e\nis set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"webOrigins":{"type":"array","items":{"type":"string"},"description":"A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n"}},"requiredInputs":["accessType","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Client resources.\n","properties":{"accessTokenLifespan":{"type":"string","description":"The amount of time in seconds before an access token expires. This will override the default for the realm.\n"},"accessType":{"type":"string","description":"Specifies the type of client, which can be one of the following:\n- `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\nThis client should be used for applications using the Authorization Code or Client Credentials grant flows.\n- `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\nURIs for security. This client should be used for applications using the Implicit grant flow.\n- `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n"},"adminUrl":{"type":"string","description":"URL to the admin interface of the client.\n"},"allowRefreshTokenInStandardTokenExchange":{"type":"string","description":"Defines whether to allow refresh token in Standard Token Exchange. Possible values are `NO` (default) and `SAME_SESSION`.\n"},"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:openid/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"authorization":{"$ref":"#/types/keycloak:openid/ClientAuthorization:ClientAuthorization","description":"When this block is present, fine-grained authorization will be enabled for this client. The client's \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e must be `CONFIDENTIAL`, and \u003cspan pulumi-lang-nodejs=\"`serviceAccountsEnabled`\" pulumi-lang-dotnet=\"`ServiceAccountsEnabled`\" pulumi-lang-go=\"`serviceAccountsEnabled`\" pulumi-lang-python=\"`service_accounts_enabled`\" pulumi-lang-yaml=\"`serviceAccountsEnabled`\" pulumi-lang-java=\"`serviceAccountsEnabled`\"\u003e`service_accounts_enabled`\u003c/span\u003e must be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. This block has the following arguments:\n"},"backchannelLogoutRevokeOfflineSessions":{"type":"boolean","description":"Specifying whether a \u003cspan pulumi-lang-nodejs=\"\"revokeOfflineAccess\"\" pulumi-lang-dotnet=\"\"RevokeOfflineAccess\"\" pulumi-lang-go=\"\"revokeOfflineAccess\"\" pulumi-lang-python=\"\"revoke_offline_access\"\" pulumi-lang-yaml=\"\"revokeOfflineAccess\"\" pulumi-lang-java=\"\"revokeOfflineAccess\"\"\u003e\"revoke_offline_access\"\u003c/span\u003e event is included in the Logout Token when the Backchannel Logout URL is used. Keycloak will revoke offline sessions when receiving a Logout Token with this event.\n"},"backchannelLogoutSessionRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a sid (session ID) claim will be included in the logout token when the backchannel logout URL is used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"backchannelLogoutUrl":{"type":"string","description":"The URL that will cause the client to log itself out when a logout request is sent to this realm. If omitted, no logout request will be sent to the client is this case.\n"},"baseUrl":{"type":"string","description":"Default URL to use when the auth server needs to redirect or link back to the client.\n"},"clientAuthenticatorType":{"type":"string","description":"Defaults to `client-secret`. The authenticator type for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. A default Keycloak installation will have the following available types:\n- `client-secret` (Default) Use client id and client secret to authenticate client.\n- `client-jwt` Use signed JWT to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n- `client-x509` Use x509 certificate to authenticate client. Set Subject DN in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.x509.subjectdn = \u003csubjectDn\u003e`\n- `client-secret-jwt` Use signed JWT with client secret to authenticate client. Set signing algorithm in \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e with `attributes.token.endpoint.auth.signing.alg = \u003calg\u003e`\n"},"clientId":{"type":"string","description":"The Client ID for this client, referenced in the URI during authentication and in issued tokens.\n"},"clientOfflineSessionIdleTimeout":{"type":"string","description":"Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value.\n"},"clientOfflineSessionMaxLifespan":{"type":"string","description":"Max time before a client session is expired. Tokens are invalidated when a client session is expired. If not set, it uses the standard SSO Session Max value.\n"},"clientSecret":{"type":"string","description":"The secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak.\n","secret":true},"clientSecretRegenerateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"Arbitrary map of values that, when changed, will trigger rotation of the secret. NOTE! Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`clientSecretWoVersion`\" pulumi-lang-dotnet=\"`ClientSecretWoVersion`\" pulumi-lang-go=\"`clientSecretWoVersion`\" pulumi-lang-python=\"`client_secret_wo_version`\" pulumi-lang-yaml=\"`clientSecretWoVersion`\" pulumi-lang-java=\"`clientSecretWoVersion`\"\u003e`client_secret_wo_version`\u003c/span\u003e attribute and can't be used together\n"},"clientSecretWo":{"type":"string","description":"**NOTE:** This field is write-only and its value will not be updated in state as part of read operations.\nThe secret for clients with an \u003cspan pulumi-lang-nodejs=\"`accessType`\" pulumi-lang-dotnet=\"`AccessType`\" pulumi-lang-go=\"`accessType`\" pulumi-lang-python=\"`access_type`\" pulumi-lang-yaml=\"`accessType`\" pulumi-lang-java=\"`accessType`\"\u003e`access_type`\u003c/span\u003e of `CONFIDENTIAL` or `BEARER-ONLY`. This is a write-only argument and Terraform does not store them in state or plan files. If omitted, this will fallback to use \u003cspan pulumi-lang-nodejs=\"`clientSecret`\" pulumi-lang-dotnet=\"`ClientSecret`\" pulumi-lang-go=\"`clientSecret`\" pulumi-lang-python=\"`client_secret`\" pulumi-lang-yaml=\"`clientSecret`\" pulumi-lang-java=\"`clientSecret`\"\u003e`client_secret`\u003c/span\u003e.\n","secret":true},"clientSecretWoVersion":{"type":"integer","description":"Functions as a flag and/or trigger to indicate Terraform when to use the input value in \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e to execute a Create or Update operation. The value of this argument is stored in the state and plan files. Required when using \u003cspan pulumi-lang-nodejs=\"`clientSecretWo`\" pulumi-lang-dotnet=\"`ClientSecretWo`\" pulumi-lang-go=\"`clientSecretWo`\" pulumi-lang-python=\"`client_secret_wo`\" pulumi-lang-yaml=\"`clientSecretWo`\" pulumi-lang-java=\"`clientSecretWo`\"\u003e`client_secret_wo`\u003c/span\u003e.\n"},"clientSessionIdleTimeout":{"type":"string","description":"Time a client offline session is allowed to be idle before it expires. Offline tokens are invalidated when a client offline session is expired. If not set it uses the Offline Session Idle value.\n"},"clientSessionMaxLifespan":{"type":"string","description":"Max time before a client offline session is expired. Offline tokens are invalidated when a client offline session is expired. If not set, it uses the Offline Session Max value.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"consentScreenText":{"type":"string","description":"The text to display on the consent screen about permissions specific to this client. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`displayOnConsentScreen`\" pulumi-lang-dotnet=\"`DisplayOnConsentScreen`\" pulumi-lang-go=\"`displayOnConsentScreen`\" pulumi-lang-python=\"`display_on_consent_screen`\" pulumi-lang-yaml=\"`displayOnConsentScreen`\" pulumi-lang-java=\"`displayOnConsentScreen`\"\u003e`display_on_consent_screen`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"directAccessGrantsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayOnConsentScreen":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the consent screen will display information about the client itself. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`consentRequired`\" pulumi-lang-dotnet=\"`ConsentRequired`\" pulumi-lang-go=\"`consentRequired`\" pulumi-lang-python=\"`consent_required`\" pulumi-lang-yaml=\"`consentRequired`\" pulumi-lang-java=\"`consentRequired`\"\u003e`consent_required`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"excludeIssuerFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`iss`\" pulumi-lang-dotnet=\"`Iss`\" pulumi-lang-go=\"`iss`\" pulumi-lang-python=\"`iss`\" pulumi-lang-yaml=\"`iss`\" pulumi-lang-java=\"`iss`\"\u003e`iss`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"excludeSessionStateFromAuthResponse":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the parameter \u003cspan pulumi-lang-nodejs=\"`sessionState`\" pulumi-lang-dotnet=\"`SessionState`\" pulumi-lang-go=\"`sessionState`\" pulumi-lang-python=\"`session_state`\" pulumi-lang-yaml=\"`sessionState`\" pulumi-lang-java=\"`sessionState`\"\u003e`session_state`\u003c/span\u003e will not be included in OpenID Connect Authentication Response.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. For example, the \u003cspan pulumi-lang-nodejs=\"`extraConfig`\" pulumi-lang-dotnet=\"`ExtraConfig`\" pulumi-lang-go=\"`extraConfig`\" pulumi-lang-python=\"`extra_config`\" pulumi-lang-yaml=\"`extraConfig`\" pulumi-lang-java=\"`extraConfig`\"\u003e`extra_config`\u003c/span\u003e map can be used to set Authentication Context Class Reference (ACR) to Level of Authentication (LoA) mapping\n"},"frontchannelLogoutEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, frontchannel logout will be enabled for this client. Specify the url with \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutUrl`\" pulumi-lang-dotnet=\"`FrontchannelLogoutUrl`\" pulumi-lang-go=\"`frontchannelLogoutUrl`\" pulumi-lang-python=\"`frontchannel_logout_url`\" pulumi-lang-yaml=\"`frontchannelLogoutUrl`\" pulumi-lang-java=\"`frontchannelLogoutUrl`\"\u003e`frontchannel_logout_url`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"frontchannelLogoutUrl":{"type":"string","description":"The frontchannel logout url. This is applicable only when \u003cspan pulumi-lang-nodejs=\"`frontchannelLogoutEnabled`\" pulumi-lang-dotnet=\"`FrontchannelLogoutEnabled`\" pulumi-lang-go=\"`frontchannelLogoutEnabled`\" pulumi-lang-python=\"`frontchannel_logout_enabled`\" pulumi-lang-yaml=\"`frontchannelLogoutEnabled`\" pulumi-lang-java=\"`frontchannelLogoutEnabled`\"\u003e`frontchannel_logout_enabled`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token.\n"},"implicitFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Implicit Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"import":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the client with the specified \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is assumed to already exist, and it will be imported into state instead of being created. This attribute is useful when dealing with clients that Keycloak creates automatically during realm creation, such as \u003cspan pulumi-lang-nodejs=\"`account`\" pulumi-lang-dotnet=\"`Account`\" pulumi-lang-go=\"`account`\" pulumi-lang-python=\"`account`\" pulumi-lang-yaml=\"`account`\" pulumi-lang-java=\"`account`\"\u003e`account`\u003c/span\u003e and `admin-cli`. Note, that the client will not be removed during destruction if \u003cspan pulumi-lang-nodejs=\"`import`\" pulumi-lang-dotnet=\"`Import`\" pulumi-lang-go=\"`import`\" pulumi-lang-python=\"`import`\" pulumi-lang-yaml=\"`import`\" pulumi-lang-java=\"`import`\"\u003e`import`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","willReplaceOnChanges":true},"loginTheme":{"type":"string","description":"The client login theme. This will override the default theme for the realm.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"oauth2DeviceAuthorizationGrantEnabled":{"type":"boolean","description":"Enables support for OAuth 2.0 Device Authorization Grant, which means that client is an application on device that has limited input capabilities or lack a suitable browser.\n"},"oauth2DeviceCodeLifespan":{"type":"string","description":"The maximum amount of time a client has to finish the device code flow before it expires.\n"},"oauth2DevicePollingInterval":{"type":"string","description":"The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.\n"},"pkceCodeChallengeMethod":{"type":"string","description":"The challenge method to use for Proof Key for Code Exchange. Can be either \u003cspan pulumi-lang-nodejs=\"`plain`\" pulumi-lang-dotnet=\"`Plain`\" pulumi-lang-go=\"`plain`\" pulumi-lang-python=\"`plain`\" pulumi-lang-yaml=\"`plain`\" pulumi-lang-java=\"`plain`\"\u003e`plain`\u003c/span\u003e or `S256` or set to empty value ``.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n","willReplaceOnChanges":true},"requireDpopBoundTokens":{"type":"boolean","description":"Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.\n"},"resourceServerId":{"type":"string","description":"(Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).\n"},"rootUrl":{"type":"string","description":"When specified, this URL is prepended to any relative URLs found within \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e. NOTE: Due to limitations in the Keycloak API, when the \u003cspan pulumi-lang-nodejs=\"`rootUrl`\" pulumi-lang-dotnet=\"`RootUrl`\" pulumi-lang-go=\"`rootUrl`\" pulumi-lang-python=\"`root_url`\" pulumi-lang-yaml=\"`rootUrl`\" pulumi-lang-java=\"`rootUrl`\"\u003e`root_url`\u003c/span\u003e attribute is used, the \u003cspan pulumi-lang-nodejs=\"`validRedirectUris`\" pulumi-lang-dotnet=\"`ValidRedirectUris`\" pulumi-lang-go=\"`validRedirectUris`\" pulumi-lang-python=\"`valid_redirect_uris`\" pulumi-lang-yaml=\"`validRedirectUris`\" pulumi-lang-java=\"`validRedirectUris`\"\u003e`valid_redirect_uris`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`webOrigins`\" pulumi-lang-dotnet=\"`WebOrigins`\" pulumi-lang-go=\"`webOrigins`\" pulumi-lang-python=\"`web_origins`\" pulumi-lang-yaml=\"`webOrigins`\" pulumi-lang-java=\"`webOrigins`\"\u003e`web_origins`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`adminUrl`\" pulumi-lang-dotnet=\"`AdminUrl`\" pulumi-lang-go=\"`adminUrl`\" pulumi-lang-python=\"`admin_url`\" pulumi-lang-yaml=\"`adminUrl`\" pulumi-lang-java=\"`adminUrl`\"\u003e`admin_url`\u003c/span\u003e attributes will be required.\n"},"serviceAccountUserId":{"type":"string","description":"(Computed) When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n"},"serviceAccountsEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardFlowEnabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"standardTokenExchangeEnabled":{"type":"boolean","description":"Enables support for Standard Token Exchange\n"},"useRefreshTokens":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"useRefreshTokensClientCredentials":{"type":"boolean","description":"If this is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, a\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be created and added to the token response if the\u003cspan pulumi-lang-nodejs=\" clientCredentials \" pulumi-lang-dotnet=\" ClientCredentials \" pulumi-lang-go=\" clientCredentials \" pulumi-lang-python=\" client_credentials \" pulumi-lang-yaml=\" clientCredentials \" pulumi-lang-java=\" clientCredentials \"\u003e client_credentials \u003c/span\u003egrant is used and a user session will be created. If this is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e then no\u003cspan pulumi-lang-nodejs=\" refreshToken \" pulumi-lang-dotnet=\" RefreshToken \" pulumi-lang-go=\" refreshToken \" pulumi-lang-python=\" refresh_token \" pulumi-lang-yaml=\" refreshToken \" pulumi-lang-java=\" refreshToken \"\u003e refresh_token \u003c/span\u003ewill be generated and the associated user session will be removed, in accordance with OAuth 2.0 RFC6749 Section 4.4.3. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validPostLogoutRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful logout.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either \u003cspan pulumi-lang-nodejs=\"`standardFlowEnabled`\" pulumi-lang-dotnet=\"`StandardFlowEnabled`\" pulumi-lang-go=\"`standardFlowEnabled`\" pulumi-lang-python=\"`standard_flow_enabled`\" pulumi-lang-yaml=\"`standardFlowEnabled`\" pulumi-lang-java=\"`standardFlowEnabled`\"\u003e`standard_flow_enabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`implicitFlowEnabled`\" pulumi-lang-dotnet=\"`ImplicitFlowEnabled`\" pulumi-lang-go=\"`implicitFlowEnabled`\" pulumi-lang-python=\"`implicit_flow_enabled`\" pulumi-lang-yaml=\"`implicitFlowEnabled`\" pulumi-lang-java=\"`implicitFlowEnabled`\"\u003e`implicit_flow_enabled`\u003c/span\u003e\nis set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"webOrigins":{"type":"array","items":{"type":"string"},"description":"A list of allowed CORS origins. To permit all valid redirect URIs, add `+`. Note that this will not include the `*` wildcard. To permit all origins, explicitly add `*`.\n"}},"type":"object"}},"keycloak:openid/clientAggregatePolicy:ClientAggregatePolicy":{"description":"Allows you to manage aggregate policies.\n\nAggregate policies combine multiple policies into a single policy, allowing you to reuse existing policies to build more complex authorization logic.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst rolePolicy = new keycloak.openid.ClientRolePolicy(\"role_policy\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"role_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n roles: [{\n id: testKeycloakRole.id,\n required: true,\n }],\n});\nconst userPolicy = new keycloak.openid.ClientUserPolicy(\"user_policy\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"user_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n users: [testKeycloakUser.id],\n});\nconst testClientAggregatePolicy = new keycloak.openid.ClientAggregatePolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"aggregate_policy\",\n decisionStrategy: \"AFFIRMATIVE\",\n logic: \"POSITIVE\",\n policies: [\n rolePolicy.id,\n userPolicy.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nrole_policy = keycloak.openid.ClientRolePolicy(\"role_policy\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"role_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n roles=[{\n \"id\": test_keycloak_role[\"id\"],\n \"required\": True,\n }])\nuser_policy = keycloak.openid.ClientUserPolicy(\"user_policy\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"user_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n users=[test_keycloak_user[\"id\"]])\ntest_client_aggregate_policy = keycloak.openid.ClientAggregatePolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"aggregate_policy\",\n decision_strategy=\"AFFIRMATIVE\",\n logic=\"POSITIVE\",\n policies=[\n role_policy.id,\n user_policy.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var rolePolicy = new Keycloak.OpenId.ClientRolePolicy(\"role_policy\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"role_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Roles = new[]\n {\n new Keycloak.OpenId.Inputs.ClientRolePolicyRoleArgs\n {\n Id = testKeycloakRole.Id,\n Required = true,\n },\n },\n });\n\n var userPolicy = new Keycloak.OpenId.ClientUserPolicy(\"user_policy\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"user_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Users = new[]\n {\n testKeycloakUser.Id,\n },\n });\n\n var testClientAggregatePolicy = new Keycloak.OpenId.ClientAggregatePolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"aggregate_policy\",\n DecisionStrategy = \"AFFIRMATIVE\",\n Logic = \"POSITIVE\",\n Policies = new[]\n {\n rolePolicy.Id,\n userPolicy.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trolePolicy, err := openid.NewClientRolePolicy(ctx, \"role_policy\", \u0026openid.ClientRolePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tRoles: openid.ClientRolePolicyRoleArray{\n\t\t\t\t\u0026openid.ClientRolePolicyRoleArgs{\n\t\t\t\t\tId: pulumi.Any(testKeycloakRole.Id),\n\t\t\t\t\tRequired: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserPolicy, err := openid.NewClientUserPolicy(ctx, \"user_policy\", \u0026openid.ClientUserPolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"user_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tUsers: pulumi.StringArray{\n\t\t\t\ttestKeycloakUser.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAggregatePolicy(ctx, \"test\", \u0026openid.ClientAggregatePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"aggregate_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"AFFIRMATIVE\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\trolePolicy.ID(),\n\t\t\t\tuserPolicy.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientRolePolicy;\nimport com.pulumi.keycloak.openid.ClientRolePolicyArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientRolePolicyRoleArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAggregatePolicy;\nimport com.pulumi.keycloak.openid.ClientAggregatePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var rolePolicy = new ClientRolePolicy(\"rolePolicy\", ClientRolePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"role_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .roles(ClientRolePolicyRoleArgs.builder()\n .id(testKeycloakRole.id())\n .required(true)\n .build())\n .build());\n\n var userPolicy = new ClientUserPolicy(\"userPolicy\", ClientUserPolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"user_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .users(testKeycloakUser.id())\n .build());\n\n var testClientAggregatePolicy = new ClientAggregatePolicy(\"testClientAggregatePolicy\", ClientAggregatePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"aggregate_policy\")\n .decisionStrategy(\"AFFIRMATIVE\")\n .logic(\"POSITIVE\")\n .policies( \n rolePolicy.id(),\n userPolicy.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n rolePolicy:\n type: keycloak:openid:ClientRolePolicy\n name: role_policy\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: role_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n roles:\n - id: ${testKeycloakRole.id}\n required: true\n userPolicy:\n type: keycloak:openid:ClientUserPolicy\n name: user_policy\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: user_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n users:\n - ${testKeycloakUser.id}\n testClientAggregatePolicy:\n type: keycloak:openid:ClientAggregatePolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: aggregate_policy\n decisionStrategy: AFFIRMATIVE\n logic: POSITIVE\n policies:\n - ${rolePolicy.id}\n - ${userPolicy.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Required) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`policies`\" pulumi-lang-dotnet=\"`Policies`\" pulumi-lang-go=\"`policies`\" pulumi-lang-python=\"`policies`\" pulumi-lang-yaml=\"`policies`\" pulumi-lang-java=\"`policies`\"\u003e`policies`\u003c/span\u003e - (Required) A list of policy IDs to aggregate.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the aggregate policy.\n\n## Import\n\nAggregate policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_aggregate_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"required":["decisionStrategy","name","policies","realmId","resourceServerId"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"requiredInputs":["decisionStrategy","policies","realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientAggregatePolicy resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"type":"object"}},"keycloak:openid/clientAuthorizationClientScopePolicy:ClientAuthorizationClientScopePolicy":{"description":"Allows you to manage openid Client Authorization Client Scope type Policies.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst test1 = new keycloak.openid.ClientScope(\"test1\", {\n realmId: realm.id,\n name: \"test1\",\n description: \"test1\",\n});\nconst test2 = new keycloak.openid.ClientScope(\"test2\", {\n realmId: realm.id,\n name: \"test2\",\n description: \"test2\",\n});\nconst testClientAuthorizationClientScopePolicy = new keycloak.openid.ClientAuthorizationClientScopePolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"test_policy_single\",\n description: \"test\",\n decisionStrategy: \"AFFIRMATIVE\",\n logic: \"POSITIVE\",\n scopes: [{\n id: test1.id,\n required: false,\n }],\n});\nconst testMultiple = new keycloak.openid.ClientAuthorizationClientScopePolicy(\"test_multiple\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"test_policy_multiple\",\n description: \"test\",\n decisionStrategy: \"AFFIRMATIVE\",\n logic: \"POSITIVE\",\n scopes: [\n {\n id: test1.id,\n required: false,\n },\n {\n id: test2.id,\n required: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\ntest1 = keycloak.openid.ClientScope(\"test1\",\n realm_id=realm.id,\n name=\"test1\",\n description=\"test1\")\ntest2 = keycloak.openid.ClientScope(\"test2\",\n realm_id=realm.id,\n name=\"test2\",\n description=\"test2\")\ntest_client_authorization_client_scope_policy = keycloak.openid.ClientAuthorizationClientScopePolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"test_policy_single\",\n description=\"test\",\n decision_strategy=\"AFFIRMATIVE\",\n logic=\"POSITIVE\",\n scopes=[{\n \"id\": test1.id,\n \"required\": False,\n }])\ntest_multiple = keycloak.openid.ClientAuthorizationClientScopePolicy(\"test_multiple\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"test_policy_multiple\",\n description=\"test\",\n decision_strategy=\"AFFIRMATIVE\",\n logic=\"POSITIVE\",\n scopes=[\n {\n \"id\": test1.id,\n \"required\": False,\n },\n {\n \"id\": test2.id,\n \"required\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var test1 = new Keycloak.OpenId.ClientScope(\"test1\", new()\n {\n RealmId = realm.Id,\n Name = \"test1\",\n Description = \"test1\",\n });\n\n var test2 = new Keycloak.OpenId.ClientScope(\"test2\", new()\n {\n RealmId = realm.Id,\n Name = \"test2\",\n Description = \"test2\",\n });\n\n var testClientAuthorizationClientScopePolicy = new Keycloak.OpenId.ClientAuthorizationClientScopePolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"test_policy_single\",\n Description = \"test\",\n DecisionStrategy = \"AFFIRMATIVE\",\n Logic = \"POSITIVE\",\n Scopes = new[]\n {\n new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs\n {\n Id = test1.Id,\n Required = false,\n },\n },\n });\n\n var testMultiple = new Keycloak.OpenId.ClientAuthorizationClientScopePolicy(\"test_multiple\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"test_policy_multiple\",\n Description = \"test\",\n DecisionStrategy = \"AFFIRMATIVE\",\n Logic = \"POSITIVE\",\n Scopes = new[]\n {\n new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs\n {\n Id = test1.Id,\n Required = false,\n },\n new Keycloak.OpenId.Inputs.ClientAuthorizationClientScopePolicyScopeArgs\n {\n Id = test2.Id,\n Required = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest1, err := openid.NewClientScope(ctx, \"test1\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test1\"),\n\t\t\tDescription: pulumi.String(\"test1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest2, err := openid.NewClientScope(ctx, \"test2\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test2\"),\n\t\t\tDescription: pulumi.String(\"test2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationClientScopePolicy(ctx, \"test\", \u0026openid.ClientAuthorizationClientScopePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test_policy_single\"),\n\t\t\tDescription: pulumi.String(\"test\"),\n\t\t\tDecisionStrategy: pulumi.String(\"AFFIRMATIVE\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tScopes: openid.ClientAuthorizationClientScopePolicyScopeArray{\n\t\t\t\t\u0026openid.ClientAuthorizationClientScopePolicyScopeArgs{\n\t\t\t\t\tId: test1.ID(),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationClientScopePolicy(ctx, \"test_multiple\", \u0026openid.ClientAuthorizationClientScopePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test_policy_multiple\"),\n\t\t\tDescription: pulumi.String(\"test\"),\n\t\t\tDecisionStrategy: pulumi.String(\"AFFIRMATIVE\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tScopes: openid.ClientAuthorizationClientScopePolicyScopeArray{\n\t\t\t\t\u0026openid.ClientAuthorizationClientScopePolicyScopeArgs{\n\t\t\t\t\tId: test1.ID(),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\t\u0026openid.ClientAuthorizationClientScopePolicyScopeArgs{\n\t\t\t\t\tId: test2.ID(),\n\t\t\t\t\tRequired: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationClientScopePolicy;\nimport com.pulumi.keycloak.openid.ClientAuthorizationClientScopePolicyArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationClientScopePolicyScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var test1 = new ClientScope(\"test1\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test1\")\n .description(\"test1\")\n .build());\n\n var test2 = new ClientScope(\"test2\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test2\")\n .description(\"test2\")\n .build());\n\n var testClientAuthorizationClientScopePolicy = new ClientAuthorizationClientScopePolicy(\"testClientAuthorizationClientScopePolicy\", ClientAuthorizationClientScopePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"test_policy_single\")\n .description(\"test\")\n .decisionStrategy(\"AFFIRMATIVE\")\n .logic(\"POSITIVE\")\n .scopes(ClientAuthorizationClientScopePolicyScopeArgs.builder()\n .id(test1.id())\n .required(false)\n .build())\n .build());\n\n var testMultiple = new ClientAuthorizationClientScopePolicy(\"testMultiple\", ClientAuthorizationClientScopePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"test_policy_multiple\")\n .description(\"test\")\n .decisionStrategy(\"AFFIRMATIVE\")\n .logic(\"POSITIVE\")\n .scopes( \n ClientAuthorizationClientScopePolicyScopeArgs.builder()\n .id(test1.id())\n .required(false)\n .build(),\n ClientAuthorizationClientScopePolicyScopeArgs.builder()\n .id(test2.id())\n .required(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n test1:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n name: test1\n description: test1\n test2:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n name: test2\n description: test2\n testClientAuthorizationClientScopePolicy:\n type: keycloak:openid:ClientAuthorizationClientScopePolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: test_policy_single\n description: test\n decisionStrategy: AFFIRMATIVE\n logic: POSITIVE\n scopes:\n - id: ${test1.id}\n required: false\n testMultiple:\n type: keycloak:openid:ClientAuthorizationClientScopePolicy\n name: test_multiple\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: test_policy_multiple\n description: test\n decisionStrategy: AFFIRMATIVE\n logic: POSITIVE\n scopes:\n - id: ${test1.id}\n required: false\n - id: ${test2.id}\n required: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this group exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Optional) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`. Defaults to `UNANIMOUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`scope`\" pulumi-lang-dotnet=\"`Scope`\" pulumi-lang-go=\"`scope`\" pulumi-lang-python=\"`scope`\" pulumi-lang-yaml=\"`scope`\" pulumi-lang-java=\"`scope`\"\u003e`scope`\u003c/span\u003e - An client scope to add client scope. At least one should be defined.\n\n### Scope Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Required) Id of client scope.\n- \u003cspan pulumi-lang-nodejs=\"`required`\" pulumi-lang-dotnet=\"`Required`\" pulumi-lang-go=\"`required`\" pulumi-lang-python=\"`required`\" pulumi-lang-yaml=\"`required`\" pulumi-lang-java=\"`required`\"\u003e`required`\u003c/span\u003e - (Optional) When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, then this client scope will be set as required. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the policy.\n\n## Import\n\nClient authorization policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_authorization_client_scope_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"scopes":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientAuthorizationClientScopePolicyScope:ClientAuthorizationClientScopePolicyScope"}}},"required":["name","realmId","resourceServerId","scopes"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"scopes":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientAuthorizationClientScopePolicyScope:ClientAuthorizationClientScopePolicyScope"}}},"requiredInputs":["realmId","resourceServerId","scopes"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientAuthorizationClientScopePolicy resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"scopes":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientAuthorizationClientScopePolicyScope:ClientAuthorizationClientScopePolicyScope"}}},"type":"object"}},"keycloak:openid/clientAuthorizationPermission:ClientAuthorizationPermission":{"description":"Allows you to manage openid Client Authorization Permissions.\n\n## Import\n\nClient authorization permissions can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{permissionId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_authorization_permission.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"resourceType":{"type":"string"},"resources":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"}},"required":["name","realmId","resourceServerId"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true},"resourceType":{"type":"string"},"resources":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"}},"requiredInputs":["realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientAuthorizationPermission resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"name":{"type":"string"},"policies":{"type":"array","items":{"type":"string"}},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true},"resourceType":{"type":"string"},"resources":{"type":"array","items":{"type":"string"}},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"}},"type":"object"}},"keycloak:openid/clientAuthorizationResource:ClientAuthorizationResource":{"description":"Allows you to manage openid Client Authorization Resources.\n\nAuthorization resources represent the protected resources in your application. Each resource can have associated scopes, URIs, and attributes.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst readScope = new keycloak.openid.ClientAuthorizationScope(\"read_scope\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"read\",\n});\nconst writeScope = new keycloak.openid.ClientAuthorizationScope(\"write_scope\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"write\",\n});\nconst testClientAuthorizationResource = new keycloak.openid.ClientAuthorizationResource(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"my_resource\",\n displayName: \"My Resource\",\n uris: [\n \"/api/resource/*\",\n \"/api/resource/**\",\n ],\n scopes: [\n readScope.name,\n writeScope.name,\n ],\n type: \"http://example.com/resource-type\",\n attributes: {\n key1: \"value1,value2\",\n key2: \"value3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nread_scope = keycloak.openid.ClientAuthorizationScope(\"read_scope\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"read\")\nwrite_scope = keycloak.openid.ClientAuthorizationScope(\"write_scope\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"write\")\ntest_client_authorization_resource = keycloak.openid.ClientAuthorizationResource(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"my_resource\",\n display_name=\"My Resource\",\n uris=[\n \"/api/resource/*\",\n \"/api/resource/**\",\n ],\n scopes=[\n read_scope.name,\n write_scope.name,\n ],\n type=\"http://example.com/resource-type\",\n attributes={\n \"key1\": \"value1,value2\",\n \"key2\": \"value3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var readScope = new Keycloak.OpenId.ClientAuthorizationScope(\"read_scope\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"read\",\n });\n\n var writeScope = new Keycloak.OpenId.ClientAuthorizationScope(\"write_scope\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"write\",\n });\n\n var testClientAuthorizationResource = new Keycloak.OpenId.ClientAuthorizationResource(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"my_resource\",\n DisplayName = \"My Resource\",\n Uris = new[]\n {\n \"/api/resource/*\",\n \"/api/resource/**\",\n },\n Scopes = new[]\n {\n readScope.Name,\n writeScope.Name,\n },\n Type = \"http://example.com/resource-type\",\n Attributes = \n {\n { \"key1\", \"value1,value2\" },\n { \"key2\", \"value3\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treadScope, err := openid.NewClientAuthorizationScope(ctx, \"read_scope\", \u0026openid.ClientAuthorizationScopeArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twriteScope, err := openid.NewClientAuthorizationScope(ctx, \"write_scope\", \u0026openid.ClientAuthorizationScopeArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"write\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationResource(ctx, \"test\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my_resource\"),\n\t\t\tDisplayName: pulumi.String(\"My Resource\"),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/api/resource/*\"),\n\t\t\t\tpulumi.String(\"/api/resource/**\"),\n\t\t\t},\n\t\t\tScopes: pulumi.StringArray{\n\t\t\t\treadScope.Name,\n\t\t\t\twriteScope.Name,\n\t\t\t},\n\t\t\tType: pulumi.String(\"http://example.com/resource-type\"),\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"value1,value2\"),\n\t\t\t\t\"key2\": pulumi.String(\"value3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationScope;\nimport com.pulumi.keycloak.openid.ClientAuthorizationScopeArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var readScope = new ClientAuthorizationScope(\"readScope\", ClientAuthorizationScopeArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"read\")\n .build());\n\n var writeScope = new ClientAuthorizationScope(\"writeScope\", ClientAuthorizationScopeArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"write\")\n .build());\n\n var testClientAuthorizationResource = new ClientAuthorizationResource(\"testClientAuthorizationResource\", ClientAuthorizationResourceArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"my_resource\")\n .displayName(\"My Resource\")\n .uris( \n \"/api/resource/*\",\n \"/api/resource/**\")\n .scopes( \n readScope.name(),\n writeScope.name())\n .type(\"http://example.com/resource-type\")\n .attributes(Map.ofEntries(\n Map.entry(\"key1\", \"value1,value2\"),\n Map.entry(\"key2\", \"value3\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n readScope:\n type: keycloak:openid:ClientAuthorizationScope\n name: read_scope\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: read\n writeScope:\n type: keycloak:openid:ClientAuthorizationScope\n name: write_scope\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: write\n testClientAuthorizationResource:\n type: keycloak:openid:ClientAuthorizationResource\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: my_resource\n displayName: My Resource\n uris:\n - /api/resource/*\n - /api/resource/**\n scopes:\n - ${readScope.name}\n - ${writeScope.name}\n type: http://example.com/resource-type\n attributes:\n key1: value1,value2\n key2: value3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this resource exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the resource.\n- \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`display_name`\u003c/span\u003e - (Optional) The display name of the resource.\n- \u003cspan pulumi-lang-nodejs=\"`uris`\" pulumi-lang-dotnet=\"`Uris`\" pulumi-lang-go=\"`uris`\" pulumi-lang-python=\"`uris`\" pulumi-lang-yaml=\"`uris`\" pulumi-lang-java=\"`uris`\"\u003e`uris`\u003c/span\u003e - (Optional) A set of URIs that this resource represents.\n- \u003cspan pulumi-lang-nodejs=\"`iconUri`\" pulumi-lang-dotnet=\"`IconUri`\" pulumi-lang-go=\"`iconUri`\" pulumi-lang-python=\"`icon_uri`\" pulumi-lang-yaml=\"`iconUri`\" pulumi-lang-java=\"`iconUri`\"\u003e`icon_uri`\u003c/span\u003e - (Optional) An icon URI for the resource.\n- \u003cspan pulumi-lang-nodejs=\"`ownerManagedAccess`\" pulumi-lang-dotnet=\"`OwnerManagedAccess`\" pulumi-lang-go=\"`ownerManagedAccess`\" pulumi-lang-python=\"`owner_managed_access`\" pulumi-lang-yaml=\"`ownerManagedAccess`\" pulumi-lang-java=\"`ownerManagedAccess`\"\u003e`owner_managed_access`\u003c/span\u003e - (Optional) When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this resource supports user-managed access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n- \u003cspan pulumi-lang-nodejs=\"`scopes`\" pulumi-lang-dotnet=\"`Scopes`\" pulumi-lang-go=\"`scopes`\" pulumi-lang-python=\"`scopes`\" pulumi-lang-yaml=\"`scopes`\" pulumi-lang-java=\"`scopes`\"\u003e`scopes`\u003c/span\u003e - (Optional) A set of scope names that this resource uses.\n- \u003cspan pulumi-lang-nodejs=\"`type`\" pulumi-lang-dotnet=\"`Type`\" pulumi-lang-go=\"`type`\" pulumi-lang-python=\"`type`\" pulumi-lang-yaml=\"`type`\" pulumi-lang-java=\"`type`\"\u003e`type`\u003c/span\u003e - (Optional) The type of this resource (e.g., `urn:myapp:resources:default`).\n- \u003cspan pulumi-lang-nodejs=\"`attributes`\" pulumi-lang-dotnet=\"`Attributes`\" pulumi-lang-go=\"`attributes`\" pulumi-lang-python=\"`attributes`\" pulumi-lang-yaml=\"`attributes`\" pulumi-lang-java=\"`attributes`\"\u003e`attributes`\u003c/span\u003e - (Optional) A map of attributes for the resource. Values can be comma-separated lists.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Resource ID representing the authorization resource.\n\n## Import\n\nClient authorization resources can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{authorizationResourceId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_authorization_resource.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"}},"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"ownerManagedAccess":{"type":"boolean"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"},"uris":{"type":"array","items":{"type":"string"}}},"required":["name","realmId","resourceServerId"],"inputProperties":{"attributes":{"type":"object","additionalProperties":{"type":"string"}},"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"ownerManagedAccess":{"type":"boolean"},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"},"uris":{"type":"array","items":{"type":"string"}}},"requiredInputs":["realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientAuthorizationResource resources.\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"}},"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"ownerManagedAccess":{"type":"boolean"},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true},"scopes":{"type":"array","items":{"type":"string"}},"type":{"type":"string"},"uris":{"type":"array","items":{"type":"string"}}},"type":"object"}},"keycloak:openid/clientAuthorizationScope:ClientAuthorizationScope":{"description":"Allows you to manage openid Client Authorization Scopes.\n\nAuthorization scopes represent the actions that can be performed on resources. They are used in permissions to define what operations are allowed.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst read = new keycloak.openid.ClientAuthorizationScope(\"read\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"read\",\n displayName: \"Read Access\",\n iconUri: \"https://example.com/icons/read.png\",\n});\nconst write = new keycloak.openid.ClientAuthorizationScope(\"write\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"write\",\n displayName: \"Write Access\",\n});\nconst _delete = new keycloak.openid.ClientAuthorizationScope(\"delete\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"delete\",\n displayName: \"Delete Access\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nread = keycloak.openid.ClientAuthorizationScope(\"read\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"read\",\n display_name=\"Read Access\",\n icon_uri=\"https://example.com/icons/read.png\")\nwrite = keycloak.openid.ClientAuthorizationScope(\"write\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"write\",\n display_name=\"Write Access\")\ndelete = keycloak.openid.ClientAuthorizationScope(\"delete\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"delete\",\n display_name=\"Delete Access\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var read = new Keycloak.OpenId.ClientAuthorizationScope(\"read\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"read\",\n DisplayName = \"Read Access\",\n IconUri = \"https://example.com/icons/read.png\",\n });\n\n var write = new Keycloak.OpenId.ClientAuthorizationScope(\"write\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"write\",\n DisplayName = \"Write Access\",\n });\n\n var delete = new Keycloak.OpenId.ClientAuthorizationScope(\"delete\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"delete\",\n DisplayName = \"Delete Access\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationScope(ctx, \"read\", \u0026openid.ClientAuthorizationScopeArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t\tDisplayName: pulumi.String(\"Read Access\"),\n\t\t\tIconUri: pulumi.String(\"https://example.com/icons/read.png\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationScope(ctx, \"write\", \u0026openid.ClientAuthorizationScopeArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"write\"),\n\t\t\tDisplayName: pulumi.String(\"Write Access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationScope(ctx, \"delete\", \u0026openid.ClientAuthorizationScopeArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"delete\"),\n\t\t\tDisplayName: pulumi.String(\"Delete Access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationScope;\nimport com.pulumi.keycloak.openid.ClientAuthorizationScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var read = new ClientAuthorizationScope(\"read\", ClientAuthorizationScopeArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"read\")\n .displayName(\"Read Access\")\n .iconUri(\"https://example.com/icons/read.png\")\n .build());\n\n var write = new ClientAuthorizationScope(\"write\", ClientAuthorizationScopeArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"write\")\n .displayName(\"Write Access\")\n .build());\n\n var delete = new ClientAuthorizationScope(\"delete\", ClientAuthorizationScopeArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"delete\")\n .displayName(\"Delete Access\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n read:\n type: keycloak:openid:ClientAuthorizationScope\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: read\n displayName: Read Access\n iconUri: https://example.com/icons/read.png\n write:\n type: keycloak:openid:ClientAuthorizationScope\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: write\n displayName: Write Access\n delete:\n type: keycloak:openid:ClientAuthorizationScope\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: delete\n displayName: Delete Access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this scope exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the scope.\n- \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`display_name`\u003c/span\u003e - (Optional) The display name of the scope.\n- \u003cspan pulumi-lang-nodejs=\"`iconUri`\" pulumi-lang-dotnet=\"`IconUri`\" pulumi-lang-go=\"`iconUri`\" pulumi-lang-python=\"`icon_uri`\" pulumi-lang-yaml=\"`iconUri`\" pulumi-lang-java=\"`iconUri`\"\u003e`icon_uri`\u003c/span\u003e - (Optional) An icon URI for the scope.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Scope ID representing the authorization scope.\n\n## Import\n\nClient authorization scopes can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{authorizationScopeId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_authorization_scope.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"required":["name","realmId","resourceServerId"],"inputProperties":{"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true}},"requiredInputs":["realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientAuthorizationScope resources.\n","properties":{"displayName":{"type":"string"},"iconUri":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string","willReplaceOnChanges":true},"resourceServerId":{"type":"string","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientDefaultScopes:ClientDefaultScopes":{"description":"Allows for managing a Keycloak client's default client scopes. A default scope that is attached to a client using the\nOpenID Connect protocol will automatically use the protocol mappers defined within that scope to build claims for this\nclient regardless of the provided OAuth2.0 \u003cspan pulumi-lang-nodejs=\"`scope`\" pulumi-lang-dotnet=\"`Scope`\" pulumi-lang-go=\"`scope`\" pulumi-lang-python=\"`scope`\" pulumi-lang-yaml=\"`scope`\" pulumi-lang-java=\"`scope`\"\u003e`scope`\u003c/span\u003e parameter.\n\nNote that this resource attempts to be an **authoritative** source over default scopes for a Keycloak client using the\nOpenID Connect protocol. This means that once Terraform controls a particular client's default scopes, it will attempt to\nremove any default scopes that were attached manually, and it will attempt to add any default scopes that were detached\nmanually.\n\nBy default, Keycloak sets the \u003cspan pulumi-lang-nodejs=\"`profile`\" pulumi-lang-dotnet=\"`Profile`\" pulumi-lang-go=\"`profile`\" pulumi-lang-python=\"`profile`\" pulumi-lang-yaml=\"`profile`\" pulumi-lang-java=\"`profile`\"\u003e`profile`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`email`\" pulumi-lang-dotnet=\"`Email`\" pulumi-lang-go=\"`email`\" pulumi-lang-python=\"`email`\" pulumi-lang-yaml=\"`email`\" pulumi-lang-java=\"`email`\"\u003e`email`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e, and `web-origins` scopes as default scopes for every newly\ncreated client. If you create this resource for the first time and do not include these scopes, a following run of\n`pulumi preview` will result in changes.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst clientDefaultScopes = new keycloak.openid.ClientDefaultScopes(\"client_default_scopes\", {\n realmId: realm.id,\n clientId: client.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nclient_default_scopes = keycloak.openid.ClientDefaultScopes(\"client_default_scopes\",\n realm_id=realm.id,\n client_id=client.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes(\"client_default_scopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientDefaultScopes(ctx, \"client_default_scopes\", \u0026openid.ClientDefaultScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientDefaultScopes;\nimport com.pulumi.keycloak.openid.ClientDefaultScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var clientDefaultScopes = new ClientDefaultScopes(\"clientDefaultScopes\", ClientDefaultScopesArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n clientDefaultScopes:\n type: keycloak:openid:ClientDefaultScopes\n name: client_default_scopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n"},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n"}},"required":["clientId","defaultScopes","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["clientId","defaultScopes","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientDefaultScopes resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientGroupPolicy:ClientGroupPolicy":{"description":"Allows you to manage group policies.\n\nGroup policies allow you to define conditions based on group membership. You can specify whether child groups should be included in the evaluation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst group1 = new keycloak.Group(\"group1\", {\n realmId: realm.id,\n name: \"group1\",\n});\nconst group2 = new keycloak.Group(\"group2\", {\n realmId: realm.id,\n name: \"group2\",\n});\nconst testClientGroupPolicy = new keycloak.openid.ClientGroupPolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"group_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n groups: [\n {\n id: group1.id,\n path: group1.path,\n extendChildren: false,\n },\n {\n id: group2.id,\n path: group2.path,\n extendChildren: true,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\ngroup1 = keycloak.Group(\"group1\",\n realm_id=realm.id,\n name=\"group1\")\ngroup2 = keycloak.Group(\"group2\",\n realm_id=realm.id,\n name=\"group2\")\ntest_client_group_policy = keycloak.openid.ClientGroupPolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"group_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n groups=[\n {\n \"id\": group1.id,\n \"path\": group1.path,\n \"extend_children\": False,\n },\n {\n \"id\": group2.id,\n \"path\": group2.path,\n \"extend_children\": True,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var group1 = new Keycloak.Group(\"group1\", new()\n {\n RealmId = realm.Id,\n Name = \"group1\",\n });\n\n var group2 = new Keycloak.Group(\"group2\", new()\n {\n RealmId = realm.Id,\n Name = \"group2\",\n });\n\n var testClientGroupPolicy = new Keycloak.OpenId.ClientGroupPolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"group_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Groups = new[]\n {\n new Keycloak.OpenId.Inputs.ClientGroupPolicyGroupArgs\n {\n Id = group1.Id,\n Path = group1.Path,\n ExtendChildren = false,\n },\n new Keycloak.OpenId.Inputs.ClientGroupPolicyGroupArgs\n {\n Id = group2.Id,\n Path = group2.Path,\n ExtendChildren = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup1, err := keycloak.NewGroup(ctx, \"group1\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup2, err := keycloak.NewGroup(ctx, \"group2\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientGroupPolicy(ctx, \"test\", \u0026openid.ClientGroupPolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tGroups: openid.ClientGroupPolicyGroupArray{\n\t\t\t\t\u0026openid.ClientGroupPolicyGroupArgs{\n\t\t\t\t\tId: group1.ID(),\n\t\t\t\t\tPath: group1.Path,\n\t\t\t\t\tExtendChildren: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\t\u0026openid.ClientGroupPolicyGroupArgs{\n\t\t\t\t\tId: group2.ID(),\n\t\t\t\t\tPath: group2.Path,\n\t\t\t\t\tExtendChildren: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.openid.ClientGroupPolicy;\nimport com.pulumi.keycloak.openid.ClientGroupPolicyArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientGroupPolicyGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var group1 = new Group(\"group1\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"group1\")\n .build());\n\n var group2 = new Group(\"group2\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"group2\")\n .build());\n\n var testClientGroupPolicy = new ClientGroupPolicy(\"testClientGroupPolicy\", ClientGroupPolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"group_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .groups( \n ClientGroupPolicyGroupArgs.builder()\n .id(group1.id())\n .path(group1.path())\n .extendChildren(false)\n .build(),\n ClientGroupPolicyGroupArgs.builder()\n .id(group2.id())\n .path(group2.path())\n .extendChildren(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n group1:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: group1\n group2:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: group2\n testClientGroupPolicy:\n type: keycloak:openid:ClientGroupPolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: group_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n groups:\n - id: ${group1.id}\n path: ${group1.path}\n extendChildren: false\n - id: ${group2.id}\n path: ${group2.path}\n extendChildren: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Required) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e - (Required) A list of groups group. At least one group must be defined.\n- \u003cspan pulumi-lang-nodejs=\"`groupsClaim`\" pulumi-lang-dotnet=\"`GroupsClaim`\" pulumi-lang-go=\"`groupsClaim`\" pulumi-lang-python=\"`groups_claim`\" pulumi-lang-yaml=\"`groupsClaim`\" pulumi-lang-java=\"`groupsClaim`\"\u003e`groups_claim`\u003c/span\u003e - (Optional) The name of the claim in the token that contains the group information.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Group Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Required) The ID of the group.\n- \u003cspan pulumi-lang-nodejs=\"`path`\" pulumi-lang-dotnet=\"`Path`\" pulumi-lang-go=\"`path`\" pulumi-lang-python=\"`path`\" pulumi-lang-yaml=\"`path`\" pulumi-lang-java=\"`path`\"\u003e`path`\u003c/span\u003e - (Required) The path of the group.\n- \u003cspan pulumi-lang-nodejs=\"`extendChildren`\" pulumi-lang-dotnet=\"`ExtendChildren`\" pulumi-lang-go=\"`extendChildren`\" pulumi-lang-python=\"`extend_children`\" pulumi-lang-yaml=\"`extendChildren`\" pulumi-lang-java=\"`extendChildren`\"\u003e`extend_children`\u003c/span\u003e - (Required) When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the policy will also apply to all child groups of this group.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the group policy.\n\n## Import\n\nGroup policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_group_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientGroupPolicyGroup:ClientGroupPolicyGroup"}},"groupsClaim":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"required":["decisionStrategy","groups","name","realmId","resourceServerId"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientGroupPolicyGroup:ClientGroupPolicyGroup"}},"groupsClaim":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"requiredInputs":["decisionStrategy","groups","realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientGroupPolicy resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"groups":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientGroupPolicyGroup:ClientGroupPolicyGroup"}},"groupsClaim":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"type":"object"}},"keycloak:openid/clientJsPolicy:ClientJsPolicy":{"description":"Allows you to manage JavaScript policies.\n\nJavaScript policies allow you to define conditions using JavaScript code. This provides maximum flexibility for implementing custom authorization logic.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst testClientJsPolicy = new keycloak.openid.ClientJsPolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"js_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n code: `var context = evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (email.endsWith('@example.com')) {\n evaluation.grant();\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\ntest_client_js_policy = keycloak.openid.ClientJsPolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"js_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n code=\"\"\"var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (email.endsWith('@example.com')) {\n $evaluation.grant();\n}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var testClientJsPolicy = new Keycloak.OpenId.ClientJsPolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"js_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Code = @\"var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (email.endsWith('@example.com')) {\n $evaluation.grant();\n}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientJsPolicy(ctx, \"test\", \u0026openid.ClientJsPolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"js_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tCode: pulumi.String(`var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (email.endsWith('@example.com')) {\n $evaluation.grant();\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientJsPolicy;\nimport com.pulumi.keycloak.openid.ClientJsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var testClientJsPolicy = new ClientJsPolicy(\"testClientJsPolicy\", ClientJsPolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"js_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .code(\"\"\"\nvar context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (email.endsWith('@example.com')) {\n $evaluation.grant();\n}\n \"\"\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n testClientJsPolicy:\n type: keycloak:openid:ClientJsPolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: js_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n code: |\n var context = $evaluation.getContext();\n var identity = context.getIdentity();\n var attributes = identity.getAttributes();\n var email = attributes.getValue('email').asString(0);\n\n if (email.endsWith('@example.com')) {\n $evaluation.grant();\n }\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Required) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`code`\" pulumi-lang-dotnet=\"`Code`\" pulumi-lang-go=\"`code`\" pulumi-lang-python=\"`code`\" pulumi-lang-yaml=\"`code`\" pulumi-lang-java=\"`code`\"\u003e`code`\u003c/span\u003e - (Required) The JavaScript code to execute for this policy.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`type`\" pulumi-lang-dotnet=\"`Type`\" pulumi-lang-go=\"`type`\" pulumi-lang-python=\"`type`\" pulumi-lang-yaml=\"`type`\" pulumi-lang-java=\"`type`\"\u003e`type`\u003c/span\u003e - (Optional) The type of the policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`js`\" pulumi-lang-dotnet=\"`Js`\" pulumi-lang-go=\"`js`\" pulumi-lang-python=\"`js`\" pulumi-lang-yaml=\"`js`\" pulumi-lang-java=\"`js`\"\u003e`js`\u003c/span\u003e.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the JavaScript policy.\n\n## Import\n\nJavaScript policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_js_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"code":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"type":{"type":"string"}},"required":["code","decisionStrategy","name","realmId","resourceServerId"],"inputProperties":{"code":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"type":{"type":"string"}},"requiredInputs":["code","decisionStrategy","realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientJsPolicy resources.\n","properties":{"code":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"type":{"type":"string"}},"type":"object"}},"keycloak:openid/clientOptionalScopes:ClientOptionalScopes":{"description":"Allows for managing a Keycloak client's optional client scopes. An optional scope that is attached to a client using the\nOpenID Connect protocol will allow a client to request it using the OAuth 2.0 \u003cspan pulumi-lang-nodejs=\"`scope`\" pulumi-lang-dotnet=\"`Scope`\" pulumi-lang-go=\"`scope`\" pulumi-lang-python=\"`scope`\" pulumi-lang-yaml=\"`scope`\" pulumi-lang-java=\"`scope`\"\u003e`scope`\u003c/span\u003e parameter. When requested, the scope's\nprotocol mappers defined within that scope will be used to build claims for this client.\n\nNote that this resource attempts to be an **authoritative** source over optional scopes for a Keycloak client using the\nOpenID Connect protocol. This means that once Terraform controls a particular client's optional scopes, it will attempt\nto remove any optional scopes that were attached manually, and it will attempt to add any optional scopes that were detached\nmanually.\n\nBy default, Keycloak sets the \u003cspan pulumi-lang-nodejs=\"`address`\" pulumi-lang-dotnet=\"`Address`\" pulumi-lang-go=\"`address`\" pulumi-lang-python=\"`address`\" pulumi-lang-yaml=\"`address`\" pulumi-lang-java=\"`address`\"\u003e`address`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`phone`\" pulumi-lang-dotnet=\"`Phone`\" pulumi-lang-go=\"`phone`\" pulumi-lang-python=\"`phone`\" pulumi-lang-yaml=\"`phone`\" pulumi-lang-java=\"`phone`\"\u003e`phone`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`offlineAccess`\" pulumi-lang-dotnet=\"`OfflineAccess`\" pulumi-lang-go=\"`offlineAccess`\" pulumi-lang-python=\"`offline_access`\" pulumi-lang-yaml=\"`offlineAccess`\" pulumi-lang-java=\"`offlineAccess`\"\u003e`offline_access`\u003c/span\u003e, and `microprofile-jwt` scopes as optional scopes for\nevery newly created client. If you create this resource for the first time and do not include these scopes, a following\nrun of `pulumi preview` will result in changes.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst clientOptionalScopes = new keycloak.openid.ClientOptionalScopes(\"client_optional_scopes\", {\n realmId: realm.id,\n clientId: client.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nclient_optional_scopes = keycloak.openid.ClientOptionalScopes(\"client_optional_scopes\",\n realm_id=realm.id,\n client_id=client.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes(\"client_optional_scopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientOptionalScopes(ctx, \"client_optional_scopes\", \u0026openid.ClientOptionalScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tpulumi.String(\"microprofile-jwt\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientOptionalScopes;\nimport com.pulumi.keycloak.openid.ClientOptionalScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var clientOptionalScopes = new ClientOptionalScopes(\"clientOptionalScopes\", ClientOptionalScopesArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n \"microprofile-jwt\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n clientOptionalScopes:\n type: keycloak:openid:ClientOptionalScopes\n name: client_optional_scopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - microprofile-jwt\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n"},"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client as optional scopes.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n"}},"required":["clientId","optionalScopes","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client as optional scopes.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["clientId","optionalScopes","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientOptionalScopes resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"optionalScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client as optional scopes.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientPermissions:ClientPermissions":{"description":"Allows you to manage all openid client Scope Based Permissions.\n\nThis is part of a preview keycloak feature. You need to enable this feature to be able to use this resource. More\ninformation about enabling the preview feature can be found\nhere: https://www.keycloak.org/securing-apps/token-exchange\n\nWhen enabling Openid Client Permissions, Keycloak does several things automatically:\n\n1. Enable Authorization on build-in realm-management client\n1. Create scopes \"view\", \"manage\", \"configure\", \"map-roles\", \"map-roles-client-scope\", \"map-roles-composite\", \"\n token-exchange\"\n1. Create a resource representing the openid client\n1. Create all scope based permission for the scopes and openid client resource\n\nIf the realm-management Authorization is not enable, you have to ceate a dependency (\u003cspan pulumi-lang-nodejs=\"`dependsOn`\" pulumi-lang-dotnet=\"`DependsOn`\" pulumi-lang-go=\"`dependsOn`\" pulumi-lang-python=\"`depends_on`\" pulumi-lang-yaml=\"`dependsOn`\" pulumi-lang-java=\"`dependsOn`\"\u003e`depends_on`\u003c/span\u003e) with the policy and\nthe openid client.\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"clientId":{"type":"string"},"configureScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsConfigureScope:ClientPermissionsConfigureScope"},"enabled":{"type":"boolean"},"manageScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsManageScope:ClientPermissionsManageScope"},"mapRolesClientScopeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesClientScopeScope:ClientPermissionsMapRolesClientScopeScope"},"mapRolesCompositeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesCompositeScope:ClientPermissionsMapRolesCompositeScope"},"mapRolesScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesScope:ClientPermissionsMapRolesScope"},"realmId":{"type":"string"},"tokenExchangeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsTokenExchangeScope:ClientPermissionsTokenExchangeScope"},"viewScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsViewScope:ClientPermissionsViewScope"}},"required":["authorizationResourceServerId","clientId","enabled","realmId"],"inputProperties":{"clientId":{"type":"string","willReplaceOnChanges":true},"configureScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsConfigureScope:ClientPermissionsConfigureScope"},"manageScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsManageScope:ClientPermissionsManageScope"},"mapRolesClientScopeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesClientScopeScope:ClientPermissionsMapRolesClientScopeScope"},"mapRolesCompositeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesCompositeScope:ClientPermissionsMapRolesCompositeScope"},"mapRolesScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesScope:ClientPermissionsMapRolesScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"tokenExchangeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsTokenExchangeScope:ClientPermissionsTokenExchangeScope"},"viewScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsViewScope:ClientPermissionsViewScope"}},"requiredInputs":["clientId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientPermissions resources.\n","properties":{"authorizationResourceServerId":{"type":"string","description":"Resource server id representing the realm management client on which this permission is managed"},"clientId":{"type":"string","willReplaceOnChanges":true},"configureScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsConfigureScope:ClientPermissionsConfigureScope"},"enabled":{"type":"boolean"},"manageScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsManageScope:ClientPermissionsManageScope"},"mapRolesClientScopeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesClientScopeScope:ClientPermissionsMapRolesClientScopeScope"},"mapRolesCompositeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesCompositeScope:ClientPermissionsMapRolesCompositeScope"},"mapRolesScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsMapRolesScope:ClientPermissionsMapRolesScope"},"realmId":{"type":"string","willReplaceOnChanges":true},"tokenExchangeScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsTokenExchangeScope:ClientPermissionsTokenExchangeScope"},"viewScope":{"$ref":"#/types/keycloak:openid/ClientPermissionsViewScope:ClientPermissionsViewScope"}},"type":"object"}},"keycloak:openid/clientPolicy:ClientPolicy":{"description":"Allows you to manage client policies.\n\nClient policies allow you to define conditions based on which clients are accessing the resource. This is useful for restricting access to specific clients within your realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst client1 = new keycloak.openid.Client(\"client1\", {\n clientId: \"client1\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst client2 = new keycloak.openid.Client(\"client2\", {\n clientId: \"client2\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst testClientPolicy = new keycloak.openid.ClientPolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"client_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n clients: [\n client1.id,\n client2.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nclient1 = keycloak.openid.Client(\"client1\",\n client_id=\"client1\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nclient2 = keycloak.openid.Client(\"client2\",\n client_id=\"client2\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\ntest_client_policy = keycloak.openid.ClientPolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"client_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n clients=[\n client1.id,\n client2.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n ClientId = \"client1\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n ClientId = \"client2\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var testClientPolicy = new Keycloak.OpenId.ClientPolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"client_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Clients = new[]\n {\n client1.Id,\n client2.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client1\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client2\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPolicy(ctx, \"test\", \u0026openid.ClientPolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\tclient1.ID(),\n\t\t\t\tclient2.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientPolicy;\nimport com.pulumi.keycloak.openid.ClientPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var client1 = new Client(\"client1\", ClientArgs.builder()\n .clientId(\"client1\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var client2 = new Client(\"client2\", ClientArgs.builder()\n .clientId(\"client2\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var testClientPolicy = new ClientPolicy(\"testClientPolicy\", ClientPolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"client_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .clients( \n client1.id(),\n client2.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n client1:\n type: keycloak:openid:Client\n properties:\n clientId: client1\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n client2:\n type: keycloak:openid:Client\n properties:\n clientId: client2\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n testClientPolicy:\n type: keycloak:openid:ClientPolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: client_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n clients:\n - ${client1.id}\n - ${client2.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`clients`\" pulumi-lang-dotnet=\"`Clients`\" pulumi-lang-go=\"`clients`\" pulumi-lang-python=\"`clients`\" pulumi-lang-yaml=\"`clients`\" pulumi-lang-java=\"`clients`\"\u003e`clients`\u003c/span\u003e - (Required) A list of client IDs that this policy applies to.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Optional) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the client policy.\n\n## Import\n\nClient policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_client_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"clients":{"type":"array","items":{"type":"string"}},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"required":["clients","name","realmId","resourceServerId"],"inputProperties":{"clients":{"type":"array","items":{"type":"string"}},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"requiredInputs":["clients","realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientPolicy resources.\n","properties":{"clients":{"type":"array","items":{"type":"string"}},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"}},"type":"object"}},"keycloak:openid/clientRolePolicy:ClientRolePolicy":{"description":"Allows you to manage role policies.\n\nRole policies allow you to define conditions based on user role assignments. You can specify whether all roles must be present or just one.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst adminRole = new keycloak.Role(\"admin_role\", {\n realmId: realm.id,\n name: \"admin\",\n});\nconst userRole = new keycloak.Role(\"user_role\", {\n realmId: realm.id,\n name: \"user\",\n});\nconst testClientRolePolicy = new keycloak.openid.ClientRolePolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"role_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n type: \"role\",\n roles: [\n {\n id: adminRole.id,\n required: true,\n },\n {\n id: userRole.id,\n required: false,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nadmin_role = keycloak.Role(\"admin_role\",\n realm_id=realm.id,\n name=\"admin\")\nuser_role = keycloak.Role(\"user_role\",\n realm_id=realm.id,\n name=\"user\")\ntest_client_role_policy = keycloak.openid.ClientRolePolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"role_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n type=\"role\",\n roles=[\n {\n \"id\": admin_role.id,\n \"required\": True,\n },\n {\n \"id\": user_role.id,\n \"required\": False,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var adminRole = new Keycloak.Role(\"admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"admin\",\n });\n\n var userRole = new Keycloak.Role(\"user_role\", new()\n {\n RealmId = realm.Id,\n Name = \"user\",\n });\n\n var testClientRolePolicy = new Keycloak.OpenId.ClientRolePolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"role_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Type = \"role\",\n Roles = new[]\n {\n new Keycloak.OpenId.Inputs.ClientRolePolicyRoleArgs\n {\n Id = adminRole.Id,\n Required = true,\n },\n new Keycloak.OpenId.Inputs.ClientRolePolicyRoleArgs\n {\n Id = userRole.Id,\n Required = false,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadminRole, err := keycloak.NewRole(ctx, \"admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserRole, err := keycloak.NewRole(ctx, \"user_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientRolePolicy(ctx, \"test\", \u0026openid.ClientRolePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"role_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tType: pulumi.String(\"role\"),\n\t\t\tRoles: openid.ClientRolePolicyRoleArray{\n\t\t\t\t\u0026openid.ClientRolePolicyRoleArgs{\n\t\t\t\t\tId: adminRole.ID(),\n\t\t\t\t\tRequired: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t\u0026openid.ClientRolePolicyRoleArgs{\n\t\t\t\t\tId: userRole.ID(),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientRolePolicy;\nimport com.pulumi.keycloak.openid.ClientRolePolicyArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientRolePolicyRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"admin\")\n .build());\n\n var userRole = new Role(\"userRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"user\")\n .build());\n\n var testClientRolePolicy = new ClientRolePolicy(\"testClientRolePolicy\", ClientRolePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"role_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .type(\"role\")\n .roles( \n ClientRolePolicyRoleArgs.builder()\n .id(adminRole.id())\n .required(true)\n .build(),\n ClientRolePolicyRoleArgs.builder()\n .id(userRole.id())\n .required(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n adminRole:\n type: keycloak:Role\n name: admin_role\n properties:\n realmId: ${realm.id}\n name: admin\n userRole:\n type: keycloak:Role\n name: user_role\n properties:\n realmId: ${realm.id}\n name: user\n testClientRolePolicy:\n type: keycloak:openid:ClientRolePolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: role_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n type: role\n roles:\n - id: ${adminRole.id}\n required: true\n - id: ${userRole.id}\n required: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`type`\" pulumi-lang-dotnet=\"`Type`\" pulumi-lang-go=\"`type`\" pulumi-lang-python=\"`type`\" pulumi-lang-yaml=\"`type`\" pulumi-lang-java=\"`type`\"\u003e`type`\u003c/span\u003e - (Required) The type of policy. Must be \u003cspan pulumi-lang-nodejs=\"`role`\" pulumi-lang-dotnet=\"`Role`\" pulumi-lang-go=\"`role`\" pulumi-lang-python=\"`role`\" pulumi-lang-yaml=\"`role`\" pulumi-lang-java=\"`role`\"\u003e`role`\u003c/span\u003e.\n- \u003cspan pulumi-lang-nodejs=\"`role`\" pulumi-lang-dotnet=\"`Role`\" pulumi-lang-go=\"`role`\" pulumi-lang-python=\"`role`\" pulumi-lang-yaml=\"`role`\" pulumi-lang-java=\"`role`\"\u003e`role`\u003c/span\u003e - (Required) A list of roles role. At least one role must be defined.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Optional) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`fetchRoles`\" pulumi-lang-dotnet=\"`FetchRoles`\" pulumi-lang-go=\"`fetchRoles`\" pulumi-lang-python=\"`fetch_roles`\" pulumi-lang-yaml=\"`fetchRoles`\" pulumi-lang-java=\"`fetchRoles`\"\u003e`fetch_roles`\u003c/span\u003e - (Optional) When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, roles will be fetched from the user's claims. Available in Keycloak 25+.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Role Arguments\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - (Required) The ID of the role.\n- \u003cspan pulumi-lang-nodejs=\"`required`\" pulumi-lang-dotnet=\"`Required`\" pulumi-lang-go=\"`required`\" pulumi-lang-python=\"`required`\" pulumi-lang-yaml=\"`required`\" pulumi-lang-java=\"`required`\"\u003e`required`\u003c/span\u003e - (Required) When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this role must be present for the policy to grant access.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the role policy.\n\n## Import\n\nRole policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_role_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"fetchRoles":{"type":"boolean"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"roles":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientRolePolicyRole:ClientRolePolicyRole"}},"type":{"type":"string"}},"required":["name","realmId","resourceServerId","roles","type"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"fetchRoles":{"type":"boolean"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"roles":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientRolePolicyRole:ClientRolePolicyRole"}},"type":{"type":"string"}},"requiredInputs":["realmId","resourceServerId","roles","type"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientRolePolicy resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"fetchRoles":{"type":"boolean"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"roles":{"type":"array","items":{"$ref":"#/types/keycloak:openid/ClientRolePolicyRole:ClientRolePolicyRole"}},"type":{"type":"string"}},"type":"object"}},"keycloak:openid/clientScope:ClientScope":{"description":"Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also\nbe used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 \u003cspan pulumi-lang-nodejs=\"`scope`\" pulumi-lang-dotnet=\"`Scope`\" pulumi-lang-go=\"`scope`\" pulumi-lang-python=\"`scope`\" pulumi-lang-yaml=\"`scope`\" pulumi-lang-java=\"`scope`\"\u003e`scope`\u003c/span\u003e parameter.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClientScope = new keycloak.openid.ClientScope(\"openid_client_scope\", {\n realmId: realm.id,\n name: \"groups\",\n description: \"When requested, this scope will map a user's group memberships to a claim\",\n includeInTokenScope: true,\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client_scope = keycloak.openid.ClientScope(\"openid_client_scope\",\n realm_id=realm.id,\n name=\"groups\",\n description=\"When requested, this scope will map a user's group memberships to a claim\",\n include_in_token_scope=True,\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClientScope = new Keycloak.OpenId.ClientScope(\"openid_client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"groups\",\n Description = \"When requested, this scope will map a user's group memberships to a claim\",\n IncludeInTokenScope = true,\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientScope(ctx, \"openid_client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"groups\"),\n\t\t\tDescription: pulumi.String(\"When requested, this scope will map a user's group memberships to a claim\"),\n\t\t\tIncludeInTokenScope: pulumi.Bool(true),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClientScope = new ClientScope(\"openidClientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"groups\")\n .description(\"When requested, this scope will map a user's group memberships to a claim\")\n .includeInTokenScope(true)\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClientScope:\n type: keycloak:openid:ClientScope\n name: openid_client_scope\n properties:\n realmId: ${realm.id}\n name: groups\n description: When requested, this scope will map a user's group memberships to a claim\n includeInTokenScope: true\n guiOrder: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_scope.openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52\n```\n\n","properties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"includeInTokenScope":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n"}},"required":["name","realmId"],"inputProperties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"includeInTokenScope":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientScope resources.\n","properties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"includeInTokenScope":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole":{"description":"Allows for assigning realm roles to the service account of an openid client.\nYou need to set \u003cspan pulumi-lang-nodejs=\"`serviceAccountsEnabled`\" pulumi-lang-dotnet=\"`ServiceAccountsEnabled`\" pulumi-lang-go=\"`serviceAccountsEnabled`\" pulumi-lang-python=\"`service_accounts_enabled`\" pulumi-lang-yaml=\"`serviceAccountsEnabled`\" pulumi-lang-java=\"`serviceAccountsEnabled`\"\u003e`service_accounts_enabled`\u003c/span\u003e to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for the openid client that should be assigned the role.\n\nIf you'd like to attach client roles to a service account, please use the \u003cspan pulumi-lang-nodejs=\"`keycloak.openid.ClientServiceAccountRole`\" pulumi-lang-dotnet=\"`keycloak.openid.ClientServiceAccountRole`\" pulumi-lang-go=\"`openid.ClientServiceAccountRole`\" pulumi-lang-python=\"`openid.ClientServiceAccountRole`\" pulumi-lang-yaml=\"`keycloak.openid.ClientServiceAccountRole`\" pulumi-lang-java=\"`keycloak.openid.ClientServiceAccountRole`\"\u003e`keycloak.openid.ClientServiceAccountRole`\u003c/span\u003e\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n name: \"client\",\n serviceAccountsEnabled: true,\n});\nconst clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole(\"client_service_account_role\", {\n realmId: realm.id,\n serviceAccountUserId: client.serviceAccountUserId,\n role: realmRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n name=\"client\",\n service_accounts_enabled=True)\nclient_service_account_role = keycloak.openid.ClientServiceAccountRealmRole(\"client_service_account_role\",\n realm_id=realm.id,\n service_account_user_id=client.service_account_user_id,\n role=realm_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n Name = \"client\",\n ServiceAccountsEnabled = true,\n });\n\n var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole(\"client_service_account_role\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client.ServiceAccountUserId,\n Role = realmRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRealmRole(ctx, \"client_service_account_role\", \u0026openid.ClientServiceAccountRealmRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client.ServiceAccountUserId,\n\t\t\tRole: realmRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-realm-role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .name(\"client\")\n .serviceAccountsEnabled(true)\n .build());\n\n var clientServiceAccountRole = new ClientServiceAccountRealmRole(\"clientServiceAccountRole\", ClientServiceAccountRealmRoleArgs.builder()\n .realmId(realm.id())\n .serviceAccountUserId(client.serviceAccountUserId())\n .role(realmRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client\n serviceAccountsEnabled: true\n clientServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRealmRole\n name: client_service_account_role\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client.serviceAccountUserId}\n role: ${realmRole.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_service_account_realm_role.client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n","properties":{"realmId":{"type":"string","description":"The realm that the client and role belong to.\n"},"role":{"type":"string","description":"The name of the role that is assigned.\n"},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n"}},"required":["realmId","role","serviceAccountUserId"],"inputProperties":{"realmId":{"type":"string","description":"The realm that the client and role belong to.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role that is assigned.\n","willReplaceOnChanges":true},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n","willReplaceOnChanges":true}},"requiredInputs":["realmId","role","serviceAccountUserId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientServiceAccountRealmRole resources.\n","properties":{"realmId":{"type":"string","description":"The realm that the client and role belong to.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role that is assigned.\n","willReplaceOnChanges":true},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole":{"description":"Allows for assigning client roles to the service account of an openid client.\nYou need to set \u003cspan pulumi-lang-nodejs=\"`serviceAccountsEnabled`\" pulumi-lang-dotnet=\"`ServiceAccountsEnabled`\" pulumi-lang-go=\"`serviceAccountsEnabled`\" pulumi-lang-python=\"`service_accounts_enabled`\" pulumi-lang-yaml=\"`serviceAccountsEnabled`\" pulumi-lang-java=\"`serviceAccountsEnabled`\"\u003e`service_accounts_enabled`\u003c/span\u003e to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the \u003cspan pulumi-lang-nodejs=\"`keycloak.openid.ClientServiceAccountRealmRole`\" pulumi-lang-dotnet=\"`keycloak.openid.ClientServiceAccountRealmRole`\" pulumi-lang-go=\"`openid.ClientServiceAccountRealmRole`\" pulumi-lang-python=\"`openid.ClientServiceAccountRealmRole`\" pulumi-lang-yaml=\"`keycloak.openid.ClientServiceAccountRealmRole`\" pulumi-lang-java=\"`keycloak.openid.ClientServiceAccountRealmRole`\"\u003e`keycloak.openid.ClientServiceAccountRealmRole`\u003c/span\u003e\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {\n realmId: realm.id,\n name: \"client1\",\n});\nconst client1Role = new keycloak.Role(\"client1_role\", {\n realmId: realm.id,\n clientId: client1.id,\n name: \"my-client1-role\",\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n name: \"client2\",\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2_service_account_role\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\",\n realm_id=realm.id,\n name=\"client1\")\nclient1_role = keycloak.Role(\"client1_role\",\n realm_id=realm.id,\n client_id=client1.id,\n name=\"my-client1-role\",\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n name=\"client2\",\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2_service_account_role\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n Name = \"client1\",\n });\n\n var client1Role = new Keycloak.Role(\"client1_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Name = \"my-client1-role\",\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n Name = \"client2\",\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2_service_account_role\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tName: pulumi.String(\"my-client1-role\"),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client2\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2_service_account_role\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // client1 provides a role to other clients\n var client1 = new Client(\"client1\", ClientArgs.builder()\n .realmId(realm.id())\n .name(\"client1\")\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder()\n .realmId(realm.id())\n .clientId(client1.id())\n .name(\"my-client1-role\")\n .description(\"A role that client1 provides\")\n .build());\n\n // client2 is assigned the role of client1\n var client2 = new Client(\"client2\", ClientArgs.builder()\n .realmId(realm.id())\n .name(\"client2\")\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder()\n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client1\n client1Role:\n type: keycloak:Role\n name: client1_role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n name: my-client1-role\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client2\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n name: client2_service_account_role\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_service_account_role.client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n","properties":{"clientId":{"type":"string","description":"The id of the client that provides the role.\n"},"realmId":{"type":"string","description":"The realm the clients and roles belong to.\n"},"role":{"type":"string","description":"The name of the role that is assigned.\n"},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n"}},"required":["clientId","realmId","role","serviceAccountUserId"],"inputProperties":{"clientId":{"type":"string","description":"The id of the client that provides the role.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm the clients and roles belong to.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role that is assigned.\n","willReplaceOnChanges":true},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n","willReplaceOnChanges":true}},"requiredInputs":["clientId","realmId","role","serviceAccountUserId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientServiceAccountRole resources.\n","properties":{"clientId":{"type":"string","description":"The id of the client that provides the role.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm the clients and roles belong to.\n","willReplaceOnChanges":true},"role":{"type":"string","description":"The name of the role that is assigned.\n","willReplaceOnChanges":true},"serviceAccountUserId":{"type":"string","description":"The id of the service account that is assigned the role (the service account of the client that \"consumes\" the role).\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/clientTimePolicy:ClientTimePolicy":{"description":"Allows you to manage time policies.\n\nTime policies allow you to define conditions based on time ranges. You can specify when access should be granted using various time constraints including date, month, year, hour, and minute ranges.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\n// Policy for business hours only (9 AM - 5 PM)\nconst businessHours = new keycloak.openid.ClientTimePolicy(\"business_hours\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"business_hours_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n hour: \"09\",\n hourEnd: \"17\",\n});\n// Policy for specific date range\nconst dateRange = new keycloak.openid.ClientTimePolicy(\"date_range\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"date_range_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n notBefore: \"2024-01-01 00:00:00\",\n notOnOrAfter: \"2024-12-31 23:59:59\",\n});\n// Policy for specific months (January to March)\nconst quarter1 = new keycloak.openid.ClientTimePolicy(\"quarter1\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"q1_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n month: \"1\",\n monthEnd: \"3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\n# Policy for business hours only (9 AM - 5 PM)\nbusiness_hours = keycloak.openid.ClientTimePolicy(\"business_hours\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"business_hours_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n hour=\"09\",\n hour_end=\"17\")\n# Policy for specific date range\ndate_range = keycloak.openid.ClientTimePolicy(\"date_range\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"date_range_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n not_before=\"2024-01-01 00:00:00\",\n not_on_or_after=\"2024-12-31 23:59:59\")\n# Policy for specific months (January to March)\nquarter1 = keycloak.openid.ClientTimePolicy(\"quarter1\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"q1_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n month=\"1\",\n month_end=\"3\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n // Policy for business hours only (9 AM - 5 PM)\n var businessHours = new Keycloak.OpenId.ClientTimePolicy(\"business_hours\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"business_hours_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Hour = \"09\",\n HourEnd = \"17\",\n });\n\n // Policy for specific date range\n var dateRange = new Keycloak.OpenId.ClientTimePolicy(\"date_range\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"date_range_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n NotBefore = \"2024-01-01 00:00:00\",\n NotOnOrAfter = \"2024-12-31 23:59:59\",\n });\n\n // Policy for specific months (January to March)\n var quarter1 = new Keycloak.OpenId.ClientTimePolicy(\"quarter1\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"q1_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Month = \"1\",\n MonthEnd = \"3\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Policy for business hours only (9 AM - 5 PM)\n\t\t_, err = openid.NewClientTimePolicy(ctx, \"business_hours\", \u0026openid.ClientTimePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"business_hours_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tHour: pulumi.String(\"09\"),\n\t\t\tHourEnd: pulumi.String(\"17\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Policy for specific date range\n\t\t_, err = openid.NewClientTimePolicy(ctx, \"date_range\", \u0026openid.ClientTimePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"date_range_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tNotBefore: pulumi.String(\"2024-01-01 00:00:00\"),\n\t\t\tNotOnOrAfter: pulumi.String(\"2024-12-31 23:59:59\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Policy for specific months (January to March)\n\t\t_, err = openid.NewClientTimePolicy(ctx, \"quarter1\", \u0026openid.ClientTimePolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"q1_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tMonth: pulumi.String(\"1\"),\n\t\t\tMonthEnd: pulumi.String(\"3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.ClientTimePolicy;\nimport com.pulumi.keycloak.openid.ClientTimePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n // Policy for business hours only (9 AM - 5 PM)\n var businessHours = new ClientTimePolicy(\"businessHours\", ClientTimePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"business_hours_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .hour(\"09\")\n .hourEnd(\"17\")\n .build());\n\n // Policy for specific date range\n var dateRange = new ClientTimePolicy(\"dateRange\", ClientTimePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"date_range_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .notBefore(\"2024-01-01 00:00:00\")\n .notOnOrAfter(\"2024-12-31 23:59:59\")\n .build());\n\n // Policy for specific months (January to March)\n var quarter1 = new ClientTimePolicy(\"quarter1\", ClientTimePolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"q1_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .month(\"1\")\n .monthEnd(\"3\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n # Policy for business hours only (9 AM - 5 PM)\n businessHours:\n type: keycloak:openid:ClientTimePolicy\n name: business_hours\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: business_hours_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n hour: '09'\n hourEnd: '17'\n # Policy for specific date range\n dateRange:\n type: keycloak:openid:ClientTimePolicy\n name: date_range\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: date_range_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n notBefore: 2024-01-01 00:00:00\n notOnOrAfter: 2024-12-31 23:59:59\n # Policy for specific months (January to March)\n quarter1:\n type: keycloak:openid:ClientTimePolicy\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: q1_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n month: '1'\n monthEnd: '3'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Required) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`notBefore`\" pulumi-lang-dotnet=\"`NotBefore`\" pulumi-lang-go=\"`notBefore`\" pulumi-lang-python=\"`not_before`\" pulumi-lang-yaml=\"`notBefore`\" pulumi-lang-java=\"`notBefore`\"\u003e`not_before`\u003c/span\u003e - (Optional) The policy is valid only after this date/time (format: `YYYY-MM-DD HH:MM:SS`).\n- \u003cspan pulumi-lang-nodejs=\"`notOnOrAfter`\" pulumi-lang-dotnet=\"`NotOnOrAfter`\" pulumi-lang-go=\"`notOnOrAfter`\" pulumi-lang-python=\"`not_on_or_after`\" pulumi-lang-yaml=\"`notOnOrAfter`\" pulumi-lang-java=\"`notOnOrAfter`\"\u003e`not_on_or_after`\u003c/span\u003e - (Optional) The policy is valid only before this date/time (format: `YYYY-MM-DD HH:MM:SS`).\n- \u003cspan pulumi-lang-nodejs=\"`dayMonth`\" pulumi-lang-dotnet=\"`DayMonth`\" pulumi-lang-go=\"`dayMonth`\" pulumi-lang-python=\"`day_month`\" pulumi-lang-yaml=\"`dayMonth`\" pulumi-lang-java=\"`dayMonth`\"\u003e`day_month`\u003c/span\u003e - (Optional) Starting day of the month (1-31).\n- \u003cspan pulumi-lang-nodejs=\"`dayMonthEnd`\" pulumi-lang-dotnet=\"`DayMonthEnd`\" pulumi-lang-go=\"`dayMonthEnd`\" pulumi-lang-python=\"`day_month_end`\" pulumi-lang-yaml=\"`dayMonthEnd`\" pulumi-lang-java=\"`dayMonthEnd`\"\u003e`day_month_end`\u003c/span\u003e - (Optional) Ending day of the month (1-31).\n- \u003cspan pulumi-lang-nodejs=\"`month`\" pulumi-lang-dotnet=\"`Month`\" pulumi-lang-go=\"`month`\" pulumi-lang-python=\"`month`\" pulumi-lang-yaml=\"`month`\" pulumi-lang-java=\"`month`\"\u003e`month`\u003c/span\u003e - (Optional) Starting month (1-12).\n- \u003cspan pulumi-lang-nodejs=\"`monthEnd`\" pulumi-lang-dotnet=\"`MonthEnd`\" pulumi-lang-go=\"`monthEnd`\" pulumi-lang-python=\"`month_end`\" pulumi-lang-yaml=\"`monthEnd`\" pulumi-lang-java=\"`monthEnd`\"\u003e`month_end`\u003c/span\u003e - (Optional) Ending month (1-12).\n- \u003cspan pulumi-lang-nodejs=\"`year`\" pulumi-lang-dotnet=\"`Year`\" pulumi-lang-go=\"`year`\" pulumi-lang-python=\"`year`\" pulumi-lang-yaml=\"`year`\" pulumi-lang-java=\"`year`\"\u003e`year`\u003c/span\u003e - (Optional) Starting year.\n- \u003cspan pulumi-lang-nodejs=\"`yearEnd`\" pulumi-lang-dotnet=\"`YearEnd`\" pulumi-lang-go=\"`yearEnd`\" pulumi-lang-python=\"`year_end`\" pulumi-lang-yaml=\"`yearEnd`\" pulumi-lang-java=\"`yearEnd`\"\u003e`year_end`\u003c/span\u003e - (Optional) Ending year.\n- \u003cspan pulumi-lang-nodejs=\"`hour`\" pulumi-lang-dotnet=\"`Hour`\" pulumi-lang-go=\"`hour`\" pulumi-lang-python=\"`hour`\" pulumi-lang-yaml=\"`hour`\" pulumi-lang-java=\"`hour`\"\u003e`hour`\u003c/span\u003e - (Optional) Starting hour (0-23).\n- \u003cspan pulumi-lang-nodejs=\"`hourEnd`\" pulumi-lang-dotnet=\"`HourEnd`\" pulumi-lang-go=\"`hourEnd`\" pulumi-lang-python=\"`hour_end`\" pulumi-lang-yaml=\"`hourEnd`\" pulumi-lang-java=\"`hourEnd`\"\u003e`hour_end`\u003c/span\u003e - (Optional) Ending hour (0-23).\n- \u003cspan pulumi-lang-nodejs=\"`minute`\" pulumi-lang-dotnet=\"`Minute`\" pulumi-lang-go=\"`minute`\" pulumi-lang-python=\"`minute`\" pulumi-lang-yaml=\"`minute`\" pulumi-lang-java=\"`minute`\"\u003e`minute`\u003c/span\u003e - (Optional) Starting minute (0-59).\n- \u003cspan pulumi-lang-nodejs=\"`minuteEnd`\" pulumi-lang-dotnet=\"`MinuteEnd`\" pulumi-lang-go=\"`minuteEnd`\" pulumi-lang-python=\"`minute_end`\" pulumi-lang-yaml=\"`minuteEnd`\" pulumi-lang-java=\"`minuteEnd`\"\u003e`minute_end`\u003c/span\u003e - (Optional) Ending minute (0-59).\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the time policy.\n\n## Import\n\nTime policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_time_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"dayMonth":{"type":"string"},"dayMonthEnd":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"hour":{"type":"string"},"hourEnd":{"type":"string"},"logic":{"type":"string"},"minute":{"type":"string"},"minuteEnd":{"type":"string"},"month":{"type":"string"},"monthEnd":{"type":"string"},"name":{"type":"string"},"notBefore":{"type":"string"},"notOnOrAfter":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"year":{"type":"string"},"yearEnd":{"type":"string"}},"required":["decisionStrategy","name","realmId","resourceServerId"],"inputProperties":{"dayMonth":{"type":"string"},"dayMonthEnd":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"hour":{"type":"string"},"hourEnd":{"type":"string"},"logic":{"type":"string"},"minute":{"type":"string"},"minuteEnd":{"type":"string"},"month":{"type":"string"},"monthEnd":{"type":"string"},"name":{"type":"string"},"notBefore":{"type":"string"},"notOnOrAfter":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"year":{"type":"string"},"yearEnd":{"type":"string"}},"requiredInputs":["decisionStrategy","realmId","resourceServerId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientTimePolicy resources.\n","properties":{"dayMonth":{"type":"string"},"dayMonthEnd":{"type":"string"},"decisionStrategy":{"type":"string"},"description":{"type":"string"},"hour":{"type":"string"},"hourEnd":{"type":"string"},"logic":{"type":"string"},"minute":{"type":"string"},"minuteEnd":{"type":"string"},"month":{"type":"string"},"monthEnd":{"type":"string"},"name":{"type":"string"},"notBefore":{"type":"string"},"notOnOrAfter":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"year":{"type":"string"},"yearEnd":{"type":"string"}},"type":"object"}},"keycloak:openid/clientUserPolicy:ClientUserPolicy":{"description":"Allows you to manage user policies.\n\nUser policies allow you to define conditions based on specific users. This is useful when you need to grant access to individual users rather than based on roles or groups.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst test = new keycloak.openid.Client(\"test\", {\n clientId: \"client_id\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst alice = new keycloak.User(\"alice\", {\n realmId: realm.id,\n username: \"alice\",\n enabled: true,\n email: \"alice@example.com\",\n firstName: \"Alice\",\n lastName: \"Smith\",\n});\nconst bob = new keycloak.User(\"bob\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@example.com\",\n firstName: \"Bob\",\n lastName: \"Jones\",\n});\nconst testClientUserPolicy = new keycloak.openid.ClientUserPolicy(\"test\", {\n resourceServerId: test.resourceServerId,\n realmId: realm.id,\n name: \"user_policy\",\n decisionStrategy: \"UNANIMOUS\",\n logic: \"POSITIVE\",\n users: [\n alice.id,\n bob.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ntest = keycloak.openid.Client(\"test\",\n client_id=\"client_id\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\nalice = keycloak.User(\"alice\",\n realm_id=realm.id,\n username=\"alice\",\n enabled=True,\n email=\"alice@example.com\",\n first_name=\"Alice\",\n last_name=\"Smith\")\nbob = keycloak.User(\"bob\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@example.com\",\n first_name=\"Bob\",\n last_name=\"Jones\")\ntest_client_user_policy = keycloak.openid.ClientUserPolicy(\"test\",\n resource_server_id=test.resource_server_id,\n realm_id=realm.id,\n name=\"user_policy\",\n decision_strategy=\"UNANIMOUS\",\n logic=\"POSITIVE\",\n users=[\n alice.id,\n bob.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var test = new Keycloak.OpenId.Client(\"test\", new()\n {\n ClientId = \"client_id\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var alice = new Keycloak.User(\"alice\", new()\n {\n RealmId = realm.Id,\n Username = \"alice\",\n Enabled = true,\n Email = \"alice@example.com\",\n FirstName = \"Alice\",\n LastName = \"Smith\",\n });\n\n var bob = new Keycloak.User(\"bob\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@example.com\",\n FirstName = \"Bob\",\n LastName = \"Jones\",\n });\n\n var testClientUserPolicy = new Keycloak.OpenId.ClientUserPolicy(\"test\", new()\n {\n ResourceServerId = test.ResourceServerId,\n RealmId = realm.Id,\n Name = \"user_policy\",\n DecisionStrategy = \"UNANIMOUS\",\n Logic = \"POSITIVE\",\n Users = new[]\n {\n alice.Id,\n bob.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := openid.NewClient(ctx, \"test\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talice, err := keycloak.NewUser(ctx, \"alice\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"alice@example.com\"),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tLastName: pulumi.String(\"Smith\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbob, err := keycloak.NewUser(ctx, \"bob\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@example.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Jones\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientUserPolicy(ctx, \"test\", \u0026openid.ClientUserPolicyArgs{\n\t\t\tResourceServerId: test.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"user_policy\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tUsers: pulumi.StringArray{\n\t\t\t\talice.ID(),\n\t\t\t\tbob.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var test = new Client(\"test\", ClientArgs.builder()\n .clientId(\"client_id\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n var alice = new User(\"alice\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"alice\")\n .enabled(true)\n .email(\"alice@example.com\")\n .firstName(\"Alice\")\n .lastName(\"Smith\")\n .build());\n\n var bob = new User(\"bob\", UserArgs.builder()\n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@example.com\")\n .firstName(\"Bob\")\n .lastName(\"Jones\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder()\n .resourceServerId(test.resourceServerId())\n .realmId(realm.id())\n .name(\"user_policy\")\n .decisionStrategy(\"UNANIMOUS\")\n .logic(\"POSITIVE\")\n .users( \n alice.id(),\n bob.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n test:\n type: keycloak:openid:Client\n properties:\n clientId: client_id\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n alice:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: alice\n enabled: true\n email: alice@example.com\n firstName: Alice\n lastName: Smith\n bob:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@example.com\n firstName: Bob\n lastName: Jones\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n name: test\n properties:\n resourceServerId: ${test.resourceServerId}\n realmId: ${realm.id}\n name: user_policy\n decisionStrategy: UNANIMOUS\n logic: POSITIVE\n users:\n - ${alice.id}\n - ${bob.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- \u003cspan pulumi-lang-nodejs=\"`realmId`\" pulumi-lang-dotnet=\"`RealmId`\" pulumi-lang-go=\"`realmId`\" pulumi-lang-python=\"`realm_id`\" pulumi-lang-yaml=\"`realmId`\" pulumi-lang-java=\"`realmId`\"\u003e`realm_id`\u003c/span\u003e - (Required) The realm this policy exists in.\n- \u003cspan pulumi-lang-nodejs=\"`resourceServerId`\" pulumi-lang-dotnet=\"`ResourceServerId`\" pulumi-lang-go=\"`resourceServerId`\" pulumi-lang-python=\"`resource_server_id`\" pulumi-lang-yaml=\"`resourceServerId`\" pulumi-lang-java=\"`resourceServerId`\"\u003e`resource_server_id`\u003c/span\u003e - (Required) The ID of the resource server.\n- \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e - (Required) The name of the policy.\n- \u003cspan pulumi-lang-nodejs=\"`decisionStrategy`\" pulumi-lang-dotnet=\"`DecisionStrategy`\" pulumi-lang-go=\"`decisionStrategy`\" pulumi-lang-python=\"`decision_strategy`\" pulumi-lang-yaml=\"`decisionStrategy`\" pulumi-lang-java=\"`decisionStrategy`\"\u003e`decision_strategy`\u003c/span\u003e - (Required) The decision strategy, can be one of `UNANIMOUS`, `AFFIRMATIVE`, or `CONSENSUS`.\n- \u003cspan pulumi-lang-nodejs=\"`users`\" pulumi-lang-dotnet=\"`Users`\" pulumi-lang-go=\"`users`\" pulumi-lang-python=\"`users`\" pulumi-lang-yaml=\"`users`\" pulumi-lang-java=\"`users`\"\u003e`users`\u003c/span\u003e - (Required) A list of user IDs that this policy applies to.\n- \u003cspan pulumi-lang-nodejs=\"`logic`\" pulumi-lang-dotnet=\"`Logic`\" pulumi-lang-go=\"`logic`\" pulumi-lang-python=\"`logic`\" pulumi-lang-yaml=\"`logic`\" pulumi-lang-java=\"`logic`\"\u003e`logic`\u003c/span\u003e - (Optional) The logic, can be one of `POSITIVE` or `NEGATIVE`. Defaults to `POSITIVE`.\n- \u003cspan pulumi-lang-nodejs=\"`description`\" pulumi-lang-dotnet=\"`Description`\" pulumi-lang-go=\"`description`\" pulumi-lang-python=\"`description`\" pulumi-lang-yaml=\"`description`\" pulumi-lang-java=\"`description`\"\u003e`description`\u003c/span\u003e - (Optional) A description for the authorization policy.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - Policy ID representing the user policy.\n\n## Import\n\nUser policies can be imported using the format: `{{realmId}}/{{resourceServerId}}/{{policyId}}`.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_user_policy.test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9\n```\n\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"users":{"type":"array","items":{"type":"string"}}},"required":["decisionStrategy","name","realmId","resourceServerId","users"],"inputProperties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"users":{"type":"array","items":{"type":"string"}}},"requiredInputs":["decisionStrategy","realmId","resourceServerId","users"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientUserPolicy resources.\n","properties":{"decisionStrategy":{"type":"string"},"description":{"type":"string"},"logic":{"type":"string"},"name":{"type":"string"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"users":{"type":"array","items":{"type":"string"}}},"type":"object"}},"keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper":{"description":"Allows for creating and managing full name protocol mappers within Keycloak.\n\nFull name protocol mappers allow you to map a user's first and last name to the OpenID Connect \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"full-name-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"full-name-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"full_name_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"full-name-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"full_name_mapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"full-name-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n name: full_name_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: full-name-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"full-name-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"full-name-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"full_name_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"full-name-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"full_name_mapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"full-name-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n name: full_name_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: full-name-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering FullNameProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper":{"description":"Allows for creating and managing group membership protocol mappers within Keycloak.\n\nGroup membership protocol mappers allow you to map a user's group memberships to a claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"group-membership-mapper\",\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"group-membership-mapper\",\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"group_membership_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"group-membership-mapper\",\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"group_membership_mapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"group-membership-mapper\"),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"group-membership-mapper\")\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n name: group_membership_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: group-membership-mapper\n claimName: groups\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"group-membership-mapper\",\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"group-membership-mapper\",\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"group_membership_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"group-membership-mapper\",\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"group_membership_mapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"group-membership-mapper\"),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"group-membership-mapper\")\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n name: group_membership_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: group-membership-mapper\n claimName: groups\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"fullPath":{"type":"boolean","description":"Indicates whether the full path of the group including its parents will be used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["claimName","name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"fullPath":{"type":"boolean","description":"Indicates whether the full path of the group including its parents will be used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["claimName","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMembershipProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"fullPath":{"type":"boolean","description":"Indicates whether the full path of the group including its parents will be used. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper":{"description":"Allows for creating and managing hardcoded claim protocol mappers within Keycloak.\n\nHardcoded claim protocol mappers allow you to define a claim with a hardcoded value.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"hardcoded-claim-mapper\",\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"hardcoded-claim-mapper\",\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"hardcoded-claim-mapper\",\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcoded_claim_mapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-claim-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"hardcoded-claim-mapper\")\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n name: hardcoded_claim_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: hardcoded-claim-mapper\n claimName: foo\n claimValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"hardcoded-claim-mapper\",\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"hardcoded-claim-mapper\",\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"hardcoded-claim-mapper\",\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcoded_claim_mapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-claim-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"hardcoded-claim-mapper\")\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n name: hardcoded_claim_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: hardcoded-claim-mapper\n claimName: foo\n claimValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValue":{"type":"string","description":"The hardcoded value of the claim.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["claimName","claimValue","name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValue":{"type":"string","description":"The hardcoded value of the claim.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["claimName","claimValue","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedClaimProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValue":{"type":"string","description":"The hardcoded value of the claim.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper":{"description":"Allows for creating and managing hardcoded role protocol mappers within Keycloak.\n\nHardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {\n realmId: realm.id,\n name: \"my-role\",\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"hardcoded-role-mapper\",\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\",\n realm_id=realm.id,\n name=\"my-role\")\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"hardcoded-role-mapper\",\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-role\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"hardcoded-role-mapper\",\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcoded_role_mapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-role-mapper\"),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-role\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"hardcoded-role-mapper\")\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n name: my-role\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n name: hardcoded_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: hardcoded-role-mapper\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {\n realmId: realm.id,\n name: \"my-role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"hardcoded-role-mapper\",\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\",\n realm_id=realm.id,\n name=\"my-role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"hardcoded-role-mapper\",\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"hardcoded-role-mapper\",\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcoded_role_mapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-role-mapper\"),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"my-role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"hardcoded-role-mapper\")\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n name: my-role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n name: hardcoded_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: hardcoded-role-mapper\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"roleId":{"type":"string","description":"The ID of the role to map to an access token.\n"}},"required":["name","realmId","roleId"],"inputProperties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to map to an access token.\n"}},"requiredInputs":["realmId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering HardcodedRoleProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n","willReplaceOnChanges":true},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The ID of the role to map to an access token.\n"}},"type":"object"}},"keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper":{"description":"Allows for creating and managing script protocol mappers within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce a token claim based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n\u003e Support for this protocol mapper was removed in Keycloak 18.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"script_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"script-mapper\",\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"script_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"script-mapper\",\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"script-mapper\",\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"script_mapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"script-mapper\")\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n name: script_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: script-mapper\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"script_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"script-mapper\",\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"script_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"script-mapper\",\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"script-mapper\",\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"script_mapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"script-mapper\")\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n name: script_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: script-mapper\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_script_protocol_mapper.script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_script_protocol_mapper.script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"script":{"type":"string","description":"JavaScript code to compute the claim value.\n"}},"required":["claimName","name","realmId","script"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"script":{"type":"string","description":"JavaScript code to compute the claim value.\n"}},"requiredInputs":["claimName","realmId","script"],"stateInputs":{"description":"Input properties used for looking up and filtering ScriptProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"script":{"type":"string","description":"JavaScript code to compute the claim value.\n"}},"type":"object"}},"keycloak:openid/subProtocolMapper:SubProtocolMapper":{"description":"Allows for creating and managing sub protocol mappers within Keycloak.\n\nSub protocol mappers add the Subject (sub) claim to tokens. The sub claim contains the user ID and is a standard claim in OpenID Connect tokens.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst subMapper = new keycloak.openid.SubProtocolMapper(\"sub_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"sub-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nsub_mapper = keycloak.openid.SubProtocolMapper(\"sub_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"sub-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var subMapper = new Keycloak.OpenId.SubProtocolMapper(\"sub_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"sub-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewSubProtocolMapper(ctx, \"sub_mapper\", \u0026openid.SubProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"sub-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.SubProtocolMapper;\nimport com.pulumi.keycloak.openid.SubProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var subMapper = new SubProtocolMapper(\"subMapper\", SubProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"sub-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n subMapper:\n type: keycloak:openid:SubProtocolMapper\n name: sub_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: sub-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst subMapper = new keycloak.openid.SubProtocolMapper(\"sub_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"sub-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nsub_mapper = keycloak.openid.SubProtocolMapper(\"sub_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"sub-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var subMapper = new Keycloak.OpenId.SubProtocolMapper(\"sub_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"sub-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewSubProtocolMapper(ctx, \"sub_mapper\", \u0026openid.SubProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"sub-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.SubProtocolMapper;\nimport com.pulumi.keycloak.openid.SubProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var subMapper = new SubProtocolMapper(\"subMapper\", SubProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"sub-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n subMapper:\n type: keycloak:openid:SubProtocolMapper\n name: sub_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: sub-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_sub_protocol_mapper.sub_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_sub_protocol_mapper.sub_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the sub claim should be added to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the sub claim should be added to the token introspection response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the sub claim should be added to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the sub claim should be added to the token introspection response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering SubProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the sub claim should be added to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the sub claim should be added to the token introspection response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper":{"description":"Allows for creating and managing user attribute protocol mappers within Keycloak.\n\nUser attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-attribute-mapper\",\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-attribute-mapper\",\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-attribute-mapper\",\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"user_attribute_mapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-attribute-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-attribute-mapper\")\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n name: user_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-attribute-mapper\n userAttribute: foo\n claimName: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-attribute-mapper\",\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-attribute-mapper\",\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-attribute-mapper\",\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"user_attribute_mapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-attribute-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-attribute-mapper\")\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n name: user_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-attribute-mapper\n userAttribute: foo\n claimName: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"multivalued":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"userAttribute":{"type":"string","description":"The custom user attribute to map a claim for.\n"}},"required":["claimName","name","realmId","userAttribute"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"userAttribute":{"type":"string","description":"The custom user attribute to map a claim for.\n"}},"requiredInputs":["claimName","realmId","userAttribute"],"stateInputs":{"description":"Input properties used for looking up and filtering UserAttributeProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"userAttribute":{"type":"string","description":"The custom user attribute to map a claim for.\n"}},"type":"object"}},"keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper":{"description":"Allows for creating and managing user client role protocol mappers within Keycloak.\n\nUser client role protocol mappers allow you to define a claim containing the list of a client roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-client-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-client-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"user_client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-client-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"user_client_role_mapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-client-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-client-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n name: user_client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-client-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-client-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-client-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"user_client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-client-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"user_client_role_mapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-client-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-client-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n name: user_client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-client-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_client_role_protocol_mapper.user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientIdForRoleMappings":{"type":"string","description":"The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.\n"},"clientRolePrefix":{"type":"string","description":"A prefix for each Client Role.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"}},"required":["claimName","name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientIdForRoleMappings":{"type":"string","description":"The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.\n"},"clientRolePrefix":{"type":"string","description":"A prefix for each Client Role.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"requiredInputs":["claimName","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserClientRoleProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientIdForRoleMappings":{"type":"string","description":"The Client ID for role mappings. Just client roles of this client will be added to the token. If this is unset, client roles of all clients will be added to the token.\n"},"clientRolePrefix":{"type":"string","description":"A prefix for each Client Role.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper":{"description":"Allows for creating and managing user property protocol mappers within Keycloak.\n\nUser property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in\na token.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-property-mapper\",\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-property-mapper\",\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"user_property_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-property-mapper\",\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"user_property_mapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-property-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-property-mapper\")\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n name: user_property_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-property-mapper\n userProperty: email\n claimName: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"test-mapper\",\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"test-mapper\",\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"user_property_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"test-mapper\",\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"user_property_mapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"test-mapper\")\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n name: user_property_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: test-mapper\n userProperty: email\n claimName: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e - (Required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not specified) The client scope this protocol mapper is attached to.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"userProperty":{"type":"string","description":"The built-in user property (such as email) to map a claim for.\n"}},"required":["claimName","name","realmId","userProperty"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e - (Required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not specified) The client scope this protocol mapper is attached to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"userProperty":{"type":"string","description":"The built-in user property (such as email) to map a claim for.\n"}},"requiredInputs":["claimName","realmId","userProperty"],"stateInputs":{"description":"Input properties used for looking up and filtering UserPropertyProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e - (Required if \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e is not specified) The client scope this protocol mapper is attached to.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"userProperty":{"type":"string","description":"The built-in user property (such as email) to map a claim for.\n"}},"type":"object"}},"keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper":{"description":"Allows for creating and managing user realm role protocol mappers within Keycloak.\n\nUser realm role protocol mappers allow you to define a claim containing the list of the realm roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-realm-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-realm-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-realm-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"user_realm_role_mapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-realm-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-realm-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n name: user_realm_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-realm-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-realm-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-realm-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-realm-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"user_realm_role_mapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-realm-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-realm-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n name: user_realm_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-realm-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the property should be added as a claim to the Token Introspection response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"realmRolePrefix":{"type":"string","description":"A prefix for each Realm Role.\n"}},"required":["claimName","name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the property should be added as a claim to the Token Introspection response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"realmRolePrefix":{"type":"string","description":"A prefix for each Realm Role.\n"}},"requiredInputs":["claimName","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserRealmRoleProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToTokenIntrospection":{"type":"boolean","description":"Indicates if the property should be added as a claim to the Token Introspection response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToUserinfo":{"type":"boolean","description":"Indicates if the property should be added as a claim to the UserInfo response body. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"multivalued":{"type":"boolean","description":"Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"realmRolePrefix":{"type":"string","description":"A prefix for each Realm Role.\n"}},"type":"object"}},"keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper":{"description":"Allows for creating and managing user session note protocol mappers within Keycloak.\n\nUser session note protocol mappers map a custom user session note to a token claim.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-session-note-mapper\",\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-session-note-mapper\",\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-session-note-mapper\",\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"user_session_note_mapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-session-note-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-session-note-mapper\")\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n name: user_session_note_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-session-note-mapper\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-session-note-mapper\",\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-session-note-mapper\",\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-session-note-mapper\",\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"user_session_note_mapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-session-note-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-session-note-mapper\")\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n name: user_session_note_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-session-note-mapper\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_session_note_protocol_mapper.user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"sessionNote":{"type":"string","description":"String value being the name of stored user session note within the `UserSessionModel.note` map.\n"}},"required":["claimName","name","realmId"],"inputProperties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"sessionNote":{"type":"string","description":"String value being the name of stored user session note within the `UserSessionModel.note` map.\n"}},"requiredInputs":["claimName","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserSessionNoteProtocolMapper resources.\n","properties":{"addToAccessToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the access token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"addToIdToken":{"type":"boolean","description":"Indicates if the property should be added as a claim to the id token. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"claimName":{"type":"string","description":"The name of the claim to insert into a token.\n"},"claimValueType":{"type":"string","description":"The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, \u003cspan pulumi-lang-nodejs=\"`long`\" pulumi-lang-dotnet=\"`Long`\" pulumi-lang-go=\"`long`\" pulumi-lang-python=\"`long`\" pulumi-lang-yaml=\"`long`\" pulumi-lang-java=\"`long`\"\u003e`long`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`int`\" pulumi-lang-dotnet=\"`Int`\" pulumi-lang-go=\"`int`\" pulumi-lang-python=\"`int`\" pulumi-lang-yaml=\"`int`\" pulumi-lang-java=\"`int`\"\u003e`int`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e. Defaults to `String`.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"sessionNote":{"type":"string","description":"String value being the name of stored user session note within the `UserSessionModel.note` map.\n"}},"type":"object"}},"keycloak:saml/client:Client":{"description":"Allows for creating and managing Keycloak clients that use the SAML protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users\nto Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\nimport * as std from \"@pulumi/std\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: std.index.file({\n input: \"saml-cert.pem\",\n }).result,\n signingPrivateKey: std.index.file({\n input: \"saml-key.pem\",\n }).result,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\nimport pulumi_std as std\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=std.index.file(input=\"saml-cert.pem\")[\"result\"],\n signing_private_key=std.index.file(input=\"saml-key.pem\")[\"result\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = Std.Index.File.Invoke(new()\n {\n Input = \"saml-cert.pem\",\n }).Result,\n SigningPrivateKey = Std.Index.File.Invoke(new()\n {\n Input = \"saml-key.pem\",\n }).Result,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: invokeFile.Result,\n\t\t\tSigningPrivateKey: invokeFile1.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.std.StdFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(StdFunctions.file(Map.of(\"input\", \"saml-cert.pem\")).result())\n .signingPrivateKey(StdFunctions.file(Map.of(\"input\", \"saml-key.pem\")).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-cert.pem\n return: result\n signingPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-key.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where \u003cspan pulumi-lang-nodejs=\"`clientKeycloakId`\" pulumi-lang-dotnet=\"`ClientKeycloakId`\" pulumi-lang-go=\"`clientKeycloakId`\" pulumi-lang-python=\"`client_keycloak_id`\" pulumi-lang-yaml=\"`clientKeycloakId`\" pulumi-lang-java=\"`clientKeycloakId`\"\u003e`client_keycloak_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_client.saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n\n","properties":{"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"assertionConsumerPostUrl":{"type":"string","description":"SAML POST Binding URL for the client's assertion consumer service (login responses).\n"},"assertionConsumerRedirectUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"baseUrl":{"type":"string","description":"When specified, this URL will be used whenever Keycloak needs to link to this client.\n"},"canonicalizationMethod":{"type":"string","description":"The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n"},"clientId":{"type":"string","description":"The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n"},"clientSignatureRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via \u003cspan pulumi-lang-nodejs=\"`signingCertificate`\" pulumi-lang-dotnet=\"`SigningCertificate`\" pulumi-lang-go=\"`signingCertificate`\" pulumi-lang-python=\"`signing_certificate`\" pulumi-lang-yaml=\"`signingCertificate`\" pulumi-lang-java=\"`signingCertificate`\"\u003e`signing_certificate`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`signingPrivateKey`\" pulumi-lang-dotnet=\"`SigningPrivateKey`\" pulumi-lang-go=\"`signingPrivateKey`\" pulumi-lang-python=\"`signing_private_key`\" pulumi-lang-yaml=\"`signingPrivateKey`\" pulumi-lang-java=\"`signingPrivateKey`\"\u003e`signing_private_key`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"enabled":{"type":"boolean","description":"When false, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"encryptAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"encryptionAlgorithm":{"type":"string","description":"Algorithm used to encrypt SAML assertions. Allowed values: `AES_256_GCM`, `AES_192_GCM`, `AES_128_GCM`, `AES_256_CBC`, `AES_192_CBC`, or `AES_128_CBC`.\n"},"encryptionCertificate":{"type":"string","description":"If assertions for the client are encrypted, this certificate will be used for encryption.\n"},"encryptionCertificateSha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.\n"},"encryptionDigestMethod":{"type":"string","description":"Digest method used with SAML encryption. Allowed values: `SHA-512`, `SHA-256`, or `SHA-1`. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11` or `RSA-OAEP-MGF1P`. Default is `SHA-256`.\n"},"encryptionKeyAlgorithm":{"type":"string","description":"Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: `RSA-OAEP-11`, `RSA-OAEP-MGF1P`, or `RSA1_5`. Default is `RSA-OAEP-11`.\n"},"encryptionMaskGenerationFunction":{"type":"string","description":"Mask generation function used with SAML encryption. Allowed values: \u003cspan pulumi-lang-nodejs=\"`mgf1sha1`\" pulumi-lang-dotnet=\"`Mgf1sha1`\" pulumi-lang-go=\"`mgf1sha1`\" pulumi-lang-python=\"`mgf1sha1`\" pulumi-lang-yaml=\"`mgf1sha1`\" pulumi-lang-java=\"`mgf1sha1`\"\u003e`mgf1sha1`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha224`\" pulumi-lang-dotnet=\"`Mgf1sha224`\" pulumi-lang-go=\"`mgf1sha224`\" pulumi-lang-python=\"`mgf1sha224`\" pulumi-lang-yaml=\"`mgf1sha224`\" pulumi-lang-java=\"`mgf1sha224`\"\u003e`mgf1sha224`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha384`\" pulumi-lang-dotnet=\"`Mgf1sha384`\" pulumi-lang-go=\"`mgf1sha384`\" pulumi-lang-python=\"`mgf1sha384`\" pulumi-lang-yaml=\"`mgf1sha384`\" pulumi-lang-java=\"`mgf1sha384`\"\u003e`mgf1sha384`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`mgf1sha512`\" pulumi-lang-dotnet=\"`Mgf1sha512`\" pulumi-lang-go=\"`mgf1sha512`\" pulumi-lang-python=\"`mgf1sha512`\" pulumi-lang-yaml=\"`mgf1sha512`\" pulumi-lang-java=\"`mgf1sha512`\"\u003e`mgf1sha512`\u003c/span\u003e. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11`. Default is \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that is not yet supported by this Terraform provider. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates.\n"},"forceNameIdFormat":{"type":"boolean","description":"Ignore requested NameID subject format and use the one defined in \u003cspan pulumi-lang-nodejs=\"`nameIdFormat`\" pulumi-lang-dotnet=\"`NameIdFormat`\" pulumi-lang-go=\"`nameIdFormat`\" pulumi-lang-python=\"`name_id_format`\" pulumi-lang-yaml=\"`nameIdFormat`\" pulumi-lang-java=\"`nameIdFormat`\"\u003e`name_id_format`\u003c/span\u003e instead. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"forcePostBinding":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"frontChannelLogout":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this client will require a browser redirect in order to perform a logout. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token\n"},"idpInitiatedSsoRelayState":{"type":"string","description":"Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n"},"idpInitiatedSsoUrlName":{"type":"string","description":"URL fragment name to reference client when you want to do IDP Initiated SSO.\n"},"includeAuthnStatement":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an `AuthnStatement` will be included in the SAML response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"loginTheme":{"type":"string","description":"The login theme of this client.\n"},"logoutServicePostBindingUrl":{"type":"string","description":"SAML POST Binding URL for the client's single logout service.\n"},"logoutServiceRedirectBindingUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's single logout service.\n"},"masterSamlProcessingUrl":{"type":"string","description":"When specified, this URL will be used for all SAML requests.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"nameIdFormat":{"type":"string","description":"Sets the Name ID format for the subject.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n"},"rootUrl":{"type":"string","description":"When specified, this value is prepended to all relative URLs.\n"},"signAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"signDocuments":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML document will be signed by Keycloak using the realm's private key. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"signatureAlgorithm":{"type":"string","description":"The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n"},"signatureKeyName":{"type":"string","description":"The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n"},"signingCertificate":{"type":"string","description":"If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n"},"signingCertificateSha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.\n"},"signingPrivateKey":{"type":"string","description":"If documents or assertions from the client are signed, this private key will be used to verify the signature.\n"},"signingPrivateKeySha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n"}},"required":["clientId","consentRequired","encryptionCertificate","encryptionCertificateSha1","encryptionDigestMethod","encryptionKeyAlgorithm","encryptionMaskGenerationFunction","name","nameIdFormat","realmId","signatureAlgorithm","signingCertificate","signingCertificateSha1","signingPrivateKey","signingPrivateKeySha1"],"inputProperties":{"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"assertionConsumerPostUrl":{"type":"string","description":"SAML POST Binding URL for the client's assertion consumer service (login responses).\n"},"assertionConsumerRedirectUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"baseUrl":{"type":"string","description":"When specified, this URL will be used whenever Keycloak needs to link to this client.\n"},"canonicalizationMethod":{"type":"string","description":"The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n"},"clientId":{"type":"string","description":"The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n"},"clientSignatureRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via \u003cspan pulumi-lang-nodejs=\"`signingCertificate`\" pulumi-lang-dotnet=\"`SigningCertificate`\" pulumi-lang-go=\"`signingCertificate`\" pulumi-lang-python=\"`signing_certificate`\" pulumi-lang-yaml=\"`signingCertificate`\" pulumi-lang-java=\"`signingCertificate`\"\u003e`signing_certificate`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`signingPrivateKey`\" pulumi-lang-dotnet=\"`SigningPrivateKey`\" pulumi-lang-go=\"`signingPrivateKey`\" pulumi-lang-python=\"`signing_private_key`\" pulumi-lang-yaml=\"`signingPrivateKey`\" pulumi-lang-java=\"`signingPrivateKey`\"\u003e`signing_private_key`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"enabled":{"type":"boolean","description":"When false, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"encryptAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"encryptionAlgorithm":{"type":"string","description":"Algorithm used to encrypt SAML assertions. Allowed values: `AES_256_GCM`, `AES_192_GCM`, `AES_128_GCM`, `AES_256_CBC`, `AES_192_CBC`, or `AES_128_CBC`.\n"},"encryptionCertificate":{"type":"string","description":"If assertions for the client are encrypted, this certificate will be used for encryption.\n"},"encryptionDigestMethod":{"type":"string","description":"Digest method used with SAML encryption. Allowed values: `SHA-512`, `SHA-256`, or `SHA-1`. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11` or `RSA-OAEP-MGF1P`. Default is `SHA-256`.\n"},"encryptionKeyAlgorithm":{"type":"string","description":"Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: `RSA-OAEP-11`, `RSA-OAEP-MGF1P`, or `RSA1_5`. Default is `RSA-OAEP-11`.\n"},"encryptionMaskGenerationFunction":{"type":"string","description":"Mask generation function used with SAML encryption. Allowed values: \u003cspan pulumi-lang-nodejs=\"`mgf1sha1`\" pulumi-lang-dotnet=\"`Mgf1sha1`\" pulumi-lang-go=\"`mgf1sha1`\" pulumi-lang-python=\"`mgf1sha1`\" pulumi-lang-yaml=\"`mgf1sha1`\" pulumi-lang-java=\"`mgf1sha1`\"\u003e`mgf1sha1`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha224`\" pulumi-lang-dotnet=\"`Mgf1sha224`\" pulumi-lang-go=\"`mgf1sha224`\" pulumi-lang-python=\"`mgf1sha224`\" pulumi-lang-yaml=\"`mgf1sha224`\" pulumi-lang-java=\"`mgf1sha224`\"\u003e`mgf1sha224`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha384`\" pulumi-lang-dotnet=\"`Mgf1sha384`\" pulumi-lang-go=\"`mgf1sha384`\" pulumi-lang-python=\"`mgf1sha384`\" pulumi-lang-yaml=\"`mgf1sha384`\" pulumi-lang-java=\"`mgf1sha384`\"\u003e`mgf1sha384`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`mgf1sha512`\" pulumi-lang-dotnet=\"`Mgf1sha512`\" pulumi-lang-go=\"`mgf1sha512`\" pulumi-lang-python=\"`mgf1sha512`\" pulumi-lang-yaml=\"`mgf1sha512`\" pulumi-lang-java=\"`mgf1sha512`\"\u003e`mgf1sha512`\u003c/span\u003e. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11`. Default is \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that is not yet supported by this Terraform provider. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates.\n"},"forceNameIdFormat":{"type":"boolean","description":"Ignore requested NameID subject format and use the one defined in \u003cspan pulumi-lang-nodejs=\"`nameIdFormat`\" pulumi-lang-dotnet=\"`NameIdFormat`\" pulumi-lang-go=\"`nameIdFormat`\" pulumi-lang-python=\"`name_id_format`\" pulumi-lang-yaml=\"`nameIdFormat`\" pulumi-lang-java=\"`nameIdFormat`\"\u003e`name_id_format`\u003c/span\u003e instead. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"forcePostBinding":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"frontChannelLogout":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this client will require a browser redirect in order to perform a logout. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token\n"},"idpInitiatedSsoRelayState":{"type":"string","description":"Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n"},"idpInitiatedSsoUrlName":{"type":"string","description":"URL fragment name to reference client when you want to do IDP Initiated SSO.\n"},"includeAuthnStatement":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an `AuthnStatement` will be included in the SAML response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"loginTheme":{"type":"string","description":"The login theme of this client.\n"},"logoutServicePostBindingUrl":{"type":"string","description":"SAML POST Binding URL for the client's single logout service.\n"},"logoutServiceRedirectBindingUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's single logout service.\n"},"masterSamlProcessingUrl":{"type":"string","description":"When specified, this URL will be used for all SAML requests.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"nameIdFormat":{"type":"string","description":"Sets the Name ID format for the subject.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n","willReplaceOnChanges":true},"rootUrl":{"type":"string","description":"When specified, this value is prepended to all relative URLs.\n"},"signAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"signDocuments":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML document will be signed by Keycloak using the realm's private key. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"signatureAlgorithm":{"type":"string","description":"The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n"},"signatureKeyName":{"type":"string","description":"The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n"},"signingCertificate":{"type":"string","description":"If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n"},"signingPrivateKey":{"type":"string","description":"If documents or assertions from the client are signed, this private key will be used to verify the signature.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n"}},"requiredInputs":["clientId","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering Client resources.\n","properties":{"alwaysDisplayInConsole":{"type":"boolean","description":"Always list this client in the Account UI, even if the user does not have an active session.\n"},"assertionConsumerPostUrl":{"type":"string","description":"SAML POST Binding URL for the client's assertion consumer service (login responses).\n"},"assertionConsumerRedirectUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n"},"authenticationFlowBindingOverrides":{"$ref":"#/types/keycloak:saml/ClientAuthenticationFlowBindingOverrides:ClientAuthenticationFlowBindingOverrides","description":"Override realm authentication flow bindings\n"},"baseUrl":{"type":"string","description":"When specified, this URL will be used whenever Keycloak needs to link to this client.\n"},"canonicalizationMethod":{"type":"string","description":"The Canonicalization Method for XML signatures. Should be one of \"EXCLUSIVE\", \"EXCLUSIVE_WITH_COMMENTS\", \"INCLUSIVE\", or \"INCLUSIVE_WITH_COMMENTS\". Defaults to \"EXCLUSIVE\".\n"},"clientId":{"type":"string","description":"The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n"},"clientSignatureRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via \u003cspan pulumi-lang-nodejs=\"`signingCertificate`\" pulumi-lang-dotnet=\"`SigningCertificate`\" pulumi-lang-go=\"`signingCertificate`\" pulumi-lang-python=\"`signing_certificate`\" pulumi-lang-yaml=\"`signingCertificate`\" pulumi-lang-java=\"`signingCertificate`\"\u003e`signing_certificate`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`signingPrivateKey`\" pulumi-lang-dotnet=\"`SigningPrivateKey`\" pulumi-lang-go=\"`signingPrivateKey`\" pulumi-lang-python=\"`signing_private_key`\" pulumi-lang-yaml=\"`signingPrivateKey`\" pulumi-lang-java=\"`signingPrivateKey`\"\u003e`signing_private_key`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"consentRequired":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users have to consent to client access. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"description":{"type":"string","description":"The description of this client in the GUI.\n"},"enabled":{"type":"boolean","description":"When false, this client will not be able to initiate a login or obtain access tokens. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"encryptAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"encryptionAlgorithm":{"type":"string","description":"Algorithm used to encrypt SAML assertions. Allowed values: `AES_256_GCM`, `AES_192_GCM`, `AES_128_GCM`, `AES_256_CBC`, `AES_192_CBC`, or `AES_128_CBC`.\n"},"encryptionCertificate":{"type":"string","description":"If assertions for the client are encrypted, this certificate will be used for encryption.\n"},"encryptionCertificateSha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty.\n"},"encryptionDigestMethod":{"type":"string","description":"Digest method used with SAML encryption. Allowed values: `SHA-512`, `SHA-256`, or `SHA-1`. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11` or `RSA-OAEP-MGF1P`. Default is `SHA-256`.\n"},"encryptionKeyAlgorithm":{"type":"string","description":"Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: `RSA-OAEP-11`, `RSA-OAEP-MGF1P`, or `RSA1_5`. Default is `RSA-OAEP-11`.\n"},"encryptionMaskGenerationFunction":{"type":"string","description":"Mask generation function used with SAML encryption. Allowed values: \u003cspan pulumi-lang-nodejs=\"`mgf1sha1`\" pulumi-lang-dotnet=\"`Mgf1sha1`\" pulumi-lang-go=\"`mgf1sha1`\" pulumi-lang-python=\"`mgf1sha1`\" pulumi-lang-yaml=\"`mgf1sha1`\" pulumi-lang-java=\"`mgf1sha1`\"\u003e`mgf1sha1`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha224`\" pulumi-lang-dotnet=\"`Mgf1sha224`\" pulumi-lang-go=\"`mgf1sha224`\" pulumi-lang-python=\"`mgf1sha224`\" pulumi-lang-yaml=\"`mgf1sha224`\" pulumi-lang-java=\"`mgf1sha224`\"\u003e`mgf1sha224`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mgf1sha384`\" pulumi-lang-dotnet=\"`Mgf1sha384`\" pulumi-lang-go=\"`mgf1sha384`\" pulumi-lang-python=\"`mgf1sha384`\" pulumi-lang-yaml=\"`mgf1sha384`\" pulumi-lang-java=\"`mgf1sha384`\"\u003e`mgf1sha384`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`mgf1sha512`\" pulumi-lang-dotnet=\"`Mgf1sha512`\" pulumi-lang-go=\"`mgf1sha512`\" pulumi-lang-python=\"`mgf1sha512`\" pulumi-lang-yaml=\"`mgf1sha512`\" pulumi-lang-java=\"`mgf1sha512`\"\u003e`mgf1sha512`\u003c/span\u003e. Only valid when \u003cspan pulumi-lang-nodejs=\"`encryptionKeyAlgorithm`\" pulumi-lang-dotnet=\"`EncryptionKeyAlgorithm`\" pulumi-lang-go=\"`encryptionKeyAlgorithm`\" pulumi-lang-python=\"`encryption_key_algorithm`\" pulumi-lang-yaml=\"`encryptionKeyAlgorithm`\" pulumi-lang-java=\"`encryptionKeyAlgorithm`\"\u003e`encryption_key_algorithm`\u003c/span\u003e is `RSA-OAEP-11`. Default is \u003cspan pulumi-lang-nodejs=\"`mgf1sha256`\" pulumi-lang-dotnet=\"`Mgf1sha256`\" pulumi-lang-go=\"`mgf1sha256`\" pulumi-lang-python=\"`mgf1sha256`\" pulumi-lang-yaml=\"`mgf1sha256`\" pulumi-lang-java=\"`mgf1sha256`\"\u003e`mgf1sha256`\u003c/span\u003e.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client. This can be used for custom attributes, or to add configuration attributes that is not yet supported by this Terraform provider. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates.\n"},"forceNameIdFormat":{"type":"boolean","description":"Ignore requested NameID subject format and use the one defined in \u003cspan pulumi-lang-nodejs=\"`nameIdFormat`\" pulumi-lang-dotnet=\"`NameIdFormat`\" pulumi-lang-go=\"`nameIdFormat`\" pulumi-lang-python=\"`name_id_format`\" pulumi-lang-yaml=\"`nameIdFormat`\" pulumi-lang-java=\"`nameIdFormat`\"\u003e`name_id_format`\u003c/span\u003e instead. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"forcePostBinding":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Keycloak will always respond to an authentication request via the SAML POST Binding. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"frontChannelLogout":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, this client will require a browser redirect in order to perform a logout. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"fullScopeAllowed":{"type":"boolean","description":"Allow to include all roles mappings in the access token\n"},"idpInitiatedSsoRelayState":{"type":"string","description":"Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n"},"idpInitiatedSsoUrlName":{"type":"string","description":"URL fragment name to reference client when you want to do IDP Initiated SSO.\n"},"includeAuthnStatement":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, an `AuthnStatement` will be included in the SAML response. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"loginTheme":{"type":"string","description":"The login theme of this client.\n"},"logoutServicePostBindingUrl":{"type":"string","description":"SAML POST Binding URL for the client's single logout service.\n"},"logoutServiceRedirectBindingUrl":{"type":"string","description":"SAML Redirect Binding URL for the client's single logout service.\n"},"masterSamlProcessingUrl":{"type":"string","description":"When specified, this URL will be used for all SAML requests.\n"},"name":{"type":"string","description":"The display name of this client in the GUI.\n"},"nameIdFormat":{"type":"string","description":"Sets the Name ID format for the subject.\n"},"realmId":{"type":"string","description":"The realm this client is attached to.\n","willReplaceOnChanges":true},"rootUrl":{"type":"string","description":"When specified, this value is prepended to all relative URLs.\n"},"signAssertions":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"signDocuments":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the SAML document will be signed by Keycloak using the realm's private key. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"signatureAlgorithm":{"type":"string","description":"The signature algorithm used to sign documents. Should be one of \"RSA_SHA1\", \"RSA_SHA256\", \"RSA_SHA256_MGF1, \"RSA_SHA512\", \"RSA_SHA512_MGF1\" or \"DSA_SHA1\".\n"},"signatureKeyName":{"type":"string","description":"The value of the `KeyName` element within the signed SAML document. Should be one of \"NONE\", \"KEY_ID\", or \"CERT_SUBJECT\". Defaults to \"KEY_ID\".\n"},"signingCertificate":{"type":"string","description":"If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n"},"signingCertificateSha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the signing certificate. If the signing certificate is not in correct base64 format, this will be left empty.\n"},"signingPrivateKey":{"type":"string","description":"If documents or assertions from the client are signed, this private key will be used to verify the signature.\n"},"signingPrivateKeySha1":{"type":"string","description":"(Computed) The sha1sum fingerprint of the signing private key. If the signing private key is not in correct base64 format, this will be left empty.\n"},"validRedirectUris":{"type":"array","items":{"type":"string"},"description":"When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n"}},"type":"object"}},"keycloak:saml/clientDefaultScope:ClientDefaultScope":{"description":"Allows for managing a Keycloak client's default client scopes. A default scope that is attached to a client using the SAML\nprotocol will automatically use the protocol mappers defined within that scope to build claims for this client.\n\nNote that this resource attempts to be an **authoritative** source over default scopes for a Keycloak client using the SAML\nprotocol. This means that once Terraform controls a particular client's default scopes, it will attempt to remove any default\nscopes that were attached manually, and it will attempt to add any default scopes that were detached manually.\n\nBy default, Keycloak sets the \u003cspan pulumi-lang-nodejs=\"`roleList`\" pulumi-lang-dotnet=\"`RoleList`\" pulumi-lang-go=\"`roleList`\" pulumi-lang-python=\"`role_list`\" pulumi-lang-yaml=\"`roleList`\" pulumi-lang-java=\"`roleList`\"\u003e`role_list`\u003c/span\u003e scope as default scope for every newly created client. If you create this resource\nfor the first time and do not include this scope, a following run of `pulumi preview` will result in changes.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\nimport * as std from \"@pulumi/std\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: std.index.file({\n input: \"saml-cert.pem\",\n }).result,\n signingPrivateKey: std.index.file({\n input: \"saml-key.pem\",\n }).result,\n});\nconst clientScope = new keycloak.saml.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst clientDefaultScopes = new keycloak.saml.ClientDefaultScope(\"client_default_scopes\", {\n realmId: realm.id,\n clientId: client.id,\n defaultScopes: [\n \"role_list\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\nimport pulumi_std as std\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=std.index.file(input=\"saml-cert.pem\")[\"result\"],\n signing_private_key=std.index.file(input=\"saml-key.pem\")[\"result\"])\nclient_scope = keycloak.saml.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nclient_default_scopes = keycloak.saml.ClientDefaultScope(\"client_default_scopes\",\n realm_id=realm.id,\n client_id=client[\"id\"],\n default_scopes=[\n \"role_list\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = Std.Index.File.Invoke(new()\n {\n Input = \"saml-cert.pem\",\n }).Result,\n SigningPrivateKey = Std.Index.File.Invoke(new()\n {\n Input = \"saml-key.pem\",\n }).Result,\n });\n\n var clientScope = new Keycloak.Saml.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var clientDefaultScopes = new Keycloak.Saml.ClientDefaultScope(\"client_default_scopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"role_list\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: invokeFile.Result,\n\t\t\tSigningPrivateKey: invokeFile1.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := saml.NewClientScope(ctx, \"client_scope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientDefaultScope(ctx, \"client_default_scopes\", \u0026saml.ClientDefaultScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(client.Id),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"role_list\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport com.pulumi.keycloak.saml.ClientDefaultScope;\nimport com.pulumi.keycloak.saml.ClientDefaultScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(StdFunctions.file(Map.of(\"input\", \"saml-cert.pem\")).result())\n .signingPrivateKey(StdFunctions.file(Map.of(\"input\", \"saml-key.pem\")).result())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var clientDefaultScopes = new ClientDefaultScope(\"clientDefaultScopes\", ClientDefaultScopeArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .defaultScopes( \n \"role_list\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-cert.pem\n return: result\n signingPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-key.pem\n return: result\n clientScope:\n type: keycloak:saml:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n clientDefaultScopes:\n type: keycloak:saml:ClientDefaultScope\n name: client_default_scopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n defaultScopes:\n - role_list\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist\non the server.\n\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n"},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n"}},"required":["clientId","defaultScopes","realmId"],"inputProperties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"requiredInputs":["clientId","defaultScopes","realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientDefaultScope resources.\n","properties":{"clientId":{"type":"string","description":"The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n","willReplaceOnChanges":true},"defaultScopes":{"type":"array","items":{"type":"string"},"description":"An array of client scope names to attach to this client.\n"},"realmId":{"type":"string","description":"The realm this client and scopes exists in.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:saml/clientScope:ClientScope":{"description":"Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientScope = new keycloak.saml.ClientScope(\"saml_client_scope\", {\n realmId: realm.id,\n name: \"groups\",\n description: \"This scope will map a user's group memberships to SAML assertion\",\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_scope = keycloak.saml.ClientScope(\"saml_client_scope\",\n realm_id=realm.id,\n name=\"groups\",\n description=\"This scope will map a user's group memberships to SAML assertion\",\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientScope = new Keycloak.Saml.ClientScope(\"saml_client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"groups\",\n Description = \"This scope will map a user's group memberships to SAML assertion\",\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientScope(ctx, \"saml_client_scope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"groups\"),\n\t\t\tDescription: pulumi.String(\"This scope will map a user's group memberships to SAML assertion\"),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClientScope = new ClientScope(\"samlClientScope\", ClientScopeArgs.builder()\n .realmId(realm.id())\n .name(\"groups\")\n .description(\"This scope will map a user's group memberships to SAML assertion\")\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientScope:\n type: keycloak:saml:ClientScope\n name: saml_client_scope\n properties:\n realmId: ${realm.id}\n name: groups\n description: This scope will map a user's group memberships to SAML assertion\n guiOrder: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e is the unique ID that Keycloak\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_client_scope.saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e\n```\n\n","properties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n"}},"required":["name","realmId"],"inputProperties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n","willReplaceOnChanges":true}},"requiredInputs":["realmId"],"stateInputs":{"description":"Input properties used for looking up and filtering ClientScope resources.\n","properties":{"consentScreenText":{"type":"string","description":"When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.\n"},"description":{"type":"string","description":"The description of this client scope in the GUI.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration attributes to this client scope. This can be used for custom attributes or to add configuration attributes that are not yet supported by this Terraform provider. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates.\n"},"guiOrder":{"type":"integer","description":"Specify order of the client scope in GUI (such as in Consent page) as integer.\n"},"name":{"type":"string","description":"The display name of this client scope in the GUI.\n"},"realmId":{"type":"string","description":"The realm this client scope belongs to.\n","willReplaceOnChanges":true}},"type":"object"}},"keycloak:saml/identityProvider:IdentityProvider":{"description":"Allows for creating and managing SAML Identity Providers within Keycloak.\n\nSAML (Security Assertion Markup Language) identity providers allows users to authenticate through a third-party system using the SAML protocol.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmSamlIdentityProvider = new keycloak.saml.IdentityProvider(\"realm_saml_identity_provider\", {\n realm: realm.id,\n alias: \"my-saml-idp\",\n entityId: \"https://domain.com/entity_id\",\n singleSignOnServiceUrl: \"https://domain.com/adfs/ls/\",\n singleLogoutServiceUrl: \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannelSupported: true,\n postBindingResponse: true,\n postBindingLogout: true,\n postBindingAuthnRequest: true,\n storeToken: false,\n trustEmail: true,\n forceAuthn: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_saml_identity_provider = keycloak.saml.IdentityProvider(\"realm_saml_identity_provider\",\n realm=realm.id,\n alias=\"my-saml-idp\",\n entity_id=\"https://domain.com/entity_id\",\n single_sign_on_service_url=\"https://domain.com/adfs/ls/\",\n single_logout_service_url=\"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannel_supported=True,\n post_binding_response=True,\n post_binding_logout=True,\n post_binding_authn_request=True,\n store_token=False,\n trust_email=True,\n force_authn=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmSamlIdentityProvider = new Keycloak.Saml.IdentityProvider(\"realm_saml_identity_provider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-saml-idp\",\n EntityId = \"https://domain.com/entity_id\",\n SingleSignOnServiceUrl = \"https://domain.com/adfs/ls/\",\n SingleLogoutServiceUrl = \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n BackchannelSupported = true,\n PostBindingResponse = true,\n PostBindingLogout = true,\n PostBindingAuthnRequest = true,\n StoreToken = false,\n TrustEmail = true,\n ForceAuthn = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewIdentityProvider(ctx, \"realm_saml_identity_provider\", \u0026saml.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-saml-idp\"),\n\t\t\tEntityId: pulumi.String(\"https://domain.com/entity_id\"),\n\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/\"),\n\t\t\tSingleLogoutServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/?wa=wsignout1.0\"),\n\t\t\tBackchannelSupported: pulumi.Bool(true),\n\t\t\tPostBindingResponse: pulumi.Bool(true),\n\t\t\tPostBindingLogout: pulumi.Bool(true),\n\t\t\tPostBindingAuthnRequest: pulumi.Bool(true),\n\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tForceAuthn: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.IdentityProvider;\nimport com.pulumi.keycloak.saml.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmSamlIdentityProvider = new IdentityProvider(\"realmSamlIdentityProvider\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-saml-idp\")\n .entityId(\"https://domain.com/entity_id\")\n .singleSignOnServiceUrl(\"https://domain.com/adfs/ls/\")\n .singleLogoutServiceUrl(\"https://domain.com/adfs/ls/?wa=wsignout1.0\")\n .backchannelSupported(true)\n .postBindingResponse(true)\n .postBindingLogout(true)\n .postBindingAuthnRequest(true)\n .storeToken(false)\n .trustEmail(true)\n .forceAuthn(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmSamlIdentityProvider:\n type: keycloak:saml:IdentityProvider\n name: realm_saml_identity_provider\n properties:\n realm: ${realm.id}\n alias: my-saml-idp\n entityId: https://domain.com/entity_id\n singleSignOnServiceUrl: https://domain.com/adfs/ls/\n singleLogoutServiceUrl: https://domain.com/adfs/ls/?wa=wsignout1.0\n backchannelSupported: true\n postBindingResponse: true\n postBindingLogout: true\n postBindingAuthnRequest: true\n storeToken: false\n trustEmail: true\n forceAuthn: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where \u003cspan pulumi-lang-nodejs=\"`idpAlias`\" pulumi-lang-dotnet=\"`IdpAlias`\" pulumi-lang-go=\"`idpAlias`\" pulumi-lang-python=\"`idp_alias`\" pulumi-lang-yaml=\"`idpAlias`\" pulumi-lang-java=\"`idpAlias`\"\u003e`idp_alias`\u003c/span\u003e is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_identity_provider.realm_saml_identity_provider my-realm/my-saml-idp\n```\n\n","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"alias":{"type":"string","description":"The unique name of identity provider.\n"},"authenticateByDefault":{"type":"boolean","description":"Authenticate users by default. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"authnContextClassRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext ClassRefs.\n"},"authnContextComparisonType":{"type":"string","description":"Specifies the comparison method used to evaluate the requested context classes or statements.\n"},"authnContextDeclRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext DeclRefs.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout?. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"entityId":{"type":"string","description":"The Entity ID that will be used to uniquely identify this SAML Service Provider.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n"},"forceAuthn":{"type":"boolean","description":"Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n"},"internalId":{"type":"string","description":"Internal Identity Provider Id"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Login Hint."},"nameIdPolicyFormat":{"type":"string","description":"Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. It is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect users to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBindingAuthnRequest":{"type":"boolean","description":"Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingLogout":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingResponse":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n"},"principalAttribute":{"type":"string","description":"The principal attribute.\n"},"principalType":{"type":"string","description":"The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n"},"signatureAlgorithm":{"type":"string","description":"Signing Algorithm. Defaults to empty.\n"},"signingCertificate":{"type":"string","description":"Signing Certificate.\n"},"singleLogoutServiceUrl":{"type":"string","description":"The Url that must be used to send logout requests.\n"},"singleSignOnServiceUrl":{"type":"string","description":"The Url that must be used to send authentication requests (SAML AuthnRequest).\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of SAML responses.\n"},"wantAssertionsEncrypted":{"type":"boolean","description":"Indicates whether this service provider expects an encrypted Assertion.\n"},"wantAssertionsSigned":{"type":"boolean","description":"Indicates whether this service provider expects a signed Assertion.\n"},"wantAuthnRequestsSigned":{"type":"boolean","description":"Indicates whether this service provider expects authentication requests to be signed (defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if \u003cspan pulumi-lang-nodejs=\"`signatureAlgorithm`\" pulumi-lang-dotnet=\"`SignatureAlgorithm`\" pulumi-lang-go=\"`signatureAlgorithm`\" pulumi-lang-python=\"`signature_algorithm`\" pulumi-lang-yaml=\"`signatureAlgorithm`\" pulumi-lang-java=\"`signatureAlgorithm`\"\u003e`signature_algorithm`\u003c/span\u003e is set and this isn't).\n"},"xmlSignKeyInfoKeyNameTransformer":{"type":"string","description":"The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n"}},"required":["alias","entityId","internalId","realm","singleSignOnServiceUrl"],"inputProperties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The unique name of identity provider.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Authenticate users by default. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"authnContextClassRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext ClassRefs.\n"},"authnContextComparisonType":{"type":"string","description":"Specifies the comparison method used to evaluate the requested context classes or statements.\n"},"authnContextDeclRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext DeclRefs.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout?. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"entityId":{"type":"string","description":"The Entity ID that will be used to uniquely identify this SAML Service Provider.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n"},"forceAuthn":{"type":"boolean","description":"Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Login Hint."},"nameIdPolicyFormat":{"type":"string","description":"Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. It is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect users to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBindingAuthnRequest":{"type":"boolean","description":"Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingLogout":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingResponse":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n"},"principalAttribute":{"type":"string","description":"The principal attribute.\n"},"principalType":{"type":"string","description":"The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"signatureAlgorithm":{"type":"string","description":"Signing Algorithm. Defaults to empty.\n"},"signingCertificate":{"type":"string","description":"Signing Certificate.\n"},"singleLogoutServiceUrl":{"type":"string","description":"The Url that must be used to send logout requests.\n"},"singleSignOnServiceUrl":{"type":"string","description":"The Url that must be used to send authentication requests (SAML AuthnRequest).\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of SAML responses.\n"},"wantAssertionsEncrypted":{"type":"boolean","description":"Indicates whether this service provider expects an encrypted Assertion.\n"},"wantAssertionsSigned":{"type":"boolean","description":"Indicates whether this service provider expects a signed Assertion.\n"},"wantAuthnRequestsSigned":{"type":"boolean","description":"Indicates whether this service provider expects authentication requests to be signed (defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if \u003cspan pulumi-lang-nodejs=\"`signatureAlgorithm`\" pulumi-lang-dotnet=\"`SignatureAlgorithm`\" pulumi-lang-go=\"`signatureAlgorithm`\" pulumi-lang-python=\"`signature_algorithm`\" pulumi-lang-yaml=\"`signatureAlgorithm`\" pulumi-lang-java=\"`signatureAlgorithm`\"\u003e`signature_algorithm`\u003c/span\u003e is set and this isn't).\n"},"xmlSignKeyInfoKeyNameTransformer":{"type":"string","description":"The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n"}},"requiredInputs":["alias","entityId","realm","singleSignOnServiceUrl"],"stateInputs":{"description":"Input properties used for looking up and filtering IdentityProvider resources.\n","properties":{"addReadTokenRoleOnCreate":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","willReplaceOnChanges":true},"alias":{"type":"string","description":"The unique name of identity provider.\n","willReplaceOnChanges":true},"authenticateByDefault":{"type":"boolean","description":"Authenticate users by default. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"authnContextClassRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext ClassRefs.\n"},"authnContextComparisonType":{"type":"string","description":"Specifies the comparison method used to evaluate the requested context classes or statements.\n"},"authnContextDeclRefs":{"type":"array","items":{"type":"string"},"description":"Ordered list of requested AuthnContext DeclRefs.\n"},"backchannelSupported":{"type":"boolean","description":"Does the external IDP support backchannel logout?. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The display name for the realm that is shown when logging in to the admin console.\n"},"enabled":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, users and clients will not be able to access this realm. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"entityId":{"type":"string","description":"The Entity ID that will be used to uniquely identify this SAML Service Provider.\n"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of key/value pairs to add extra configuration to this identity provider. This can be used for custom oidc provider implementations, or to add configuration that is not yet supported by this Terraform provider. Use this attribute at your own risk, as custom attributes may conflict with top-level configuration attributes in future provider updates.\n"},"firstBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n"},"forceAuthn":{"type":"boolean","description":"Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n"},"guiOrder":{"type":"string","description":"A number defining the order of this identity provider in the GUI.\n"},"hideOnLoginPage":{"type":"boolean","description":"If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n"},"internalId":{"type":"string","description":"Internal Identity Provider Id"},"linkOnly":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, users cannot log in using this provider, but their existing accounts will be linked when possible. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"loginHint":{"type":"string","description":"Login Hint."},"nameIdPolicyFormat":{"type":"string","description":"Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n"},"orgDomain":{"type":"string","description":"The organization domain to associate this identity provider with. It is used to map users to an organization based on their email domain and to authenticate them accordingly in the scope of the organization.\n"},"orgRedirectModeEmailMatches":{"type":"boolean","description":"Indicates whether to automatically redirect users to this identity provider when email domain matches domain.\n"},"organizationId":{"type":"string","description":"The ID of the organization to link this identity provider to.\n"},"postBindingAuthnRequest":{"type":"boolean","description":"Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingLogout":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBindingResponse":{"type":"boolean","description":"Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n"},"postBrokerLoginFlowAlias":{"type":"string","description":"Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n"},"principalAttribute":{"type":"string","description":"The principal attribute.\n"},"principalType":{"type":"string","description":"The principal type. Can be one of `SUBJECT`, `ATTRIBUTE` or `FRIENDLY_ATTRIBUTE`.\n"},"providerId":{"type":"string","description":"The ID of the identity provider to use. Defaults to \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e, which should be used unless you have extended Keycloak and provided your own implementation.\n"},"realm":{"type":"string","description":"The name of the realm. This is unique across Keycloak.\n","willReplaceOnChanges":true},"signatureAlgorithm":{"type":"string","description":"Signing Algorithm. Defaults to empty.\n"},"signingCertificate":{"type":"string","description":"Signing Certificate.\n"},"singleLogoutServiceUrl":{"type":"string","description":"The Url that must be used to send logout requests.\n"},"singleSignOnServiceUrl":{"type":"string","description":"The Url that must be used to send authentication requests (SAML AuthnRequest).\n"},"storeToken":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, tokens will be stored after authenticating users. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"syncMode":{"type":"string","description":"The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.\n"},"trustEmail":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"validateSignature":{"type":"boolean","description":"Enable/disable signature validation of SAML responses.\n"},"wantAssertionsEncrypted":{"type":"boolean","description":"Indicates whether this service provider expects an encrypted Assertion.\n"},"wantAssertionsSigned":{"type":"boolean","description":"Indicates whether this service provider expects a signed Assertion.\n"},"wantAuthnRequestsSigned":{"type":"boolean","description":"Indicates whether this service provider expects authentication requests to be signed (defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if \u003cspan pulumi-lang-nodejs=\"`signatureAlgorithm`\" pulumi-lang-dotnet=\"`SignatureAlgorithm`\" pulumi-lang-go=\"`signatureAlgorithm`\" pulumi-lang-python=\"`signature_algorithm`\" pulumi-lang-yaml=\"`signatureAlgorithm`\" pulumi-lang-java=\"`signatureAlgorithm`\"\u003e`signature_algorithm`\u003c/span\u003e is set and this isn't).\n"},"xmlSignKeyInfoKeyNameTransformer":{"type":"string","description":"The SAML signature key name. Can be one of `NONE`, `KEY_ID`, or `CERT_SUBJECT`.\n"}},"type":"object"}},"keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper":{"description":"Allows for creating and managing script protocol mappers for SAML clients within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n});\nconst samlScriptMapper = new keycloak.saml.ScriptProtocolMapper(\"saml_script_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"script-mapper\",\n script: \"exports = 'foo';\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\")\nsaml_script_mapper = keycloak.saml.ScriptProtocolMapper(\"saml_script_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"script-mapper\",\n script=\"exports = 'foo';\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n });\n\n var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper(\"saml_script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"script-mapper\",\n Script = \"exports = 'foo';\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewScriptProtocolMapper(ctx, \"saml_script_mapper\", \u0026saml.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapper;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .build());\n\n var samlScriptMapper = new ScriptProtocolMapper(\"samlScriptMapper\", ScriptProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"script-mapper\")\n .script(\"exports = 'foo';\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n samlScriptMapper:\n type: keycloak:saml:ScriptProtocolMapper\n name: saml_script_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: script-mapper\n script: exports = 'foo';\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_script_protocol_mapper.saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_script_protocol_mapper.saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"script":{"type":"string","description":"JavaScript code to compute the attribute value.\n"},"singleValueAttribute":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, all values will be stored under one attribute with multiple attribute values. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"}},"required":["name","realmId","samlAttributeName","samlAttributeNameFormat","script"],"inputProperties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"script":{"type":"string","description":"JavaScript code to compute the attribute value.\n"},"singleValueAttribute":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, all values will be stored under one attribute with multiple attribute values. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"}},"requiredInputs":["realmId","samlAttributeName","samlAttributeNameFormat","script"],"stateInputs":{"description":"Input properties used for looking up and filtering ScriptProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"script":{"type":"string","description":"JavaScript code to compute the attribute value.\n"},"singleValueAttribute":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, all values will be stored under one attribute with multiple attribute values. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"}},"type":"object"}},"keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper":{"description":"Allows for creating and managing user attribute protocol mappers for SAML clients within Keycloak.\n\nSAML user attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to an attribute\nin a SAML assertion.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n});\nconst samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"displayname-user-attribute-mapper\",\n userAttribute: \"displayName\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\")\nsaml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"displayname-user-attribute-mapper\",\n user_attribute=\"displayName\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n });\n\n var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"displayname-user-attribute-mapper\",\n UserAttribute = \"displayName\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserAttributeProtocolMapper(ctx, \"saml_user_attribute_mapper\", \u0026saml.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"displayname-user-attribute-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .build());\n\n var samlUserAttributeMapper = new UserAttributeProtocolMapper(\"samlUserAttributeMapper\", UserAttributeProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"displayname-user-attribute-mapper\")\n .userAttribute(\"displayName\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n samlUserAttributeMapper:\n type: keycloak:saml:UserAttributeProtocolMapper\n name: saml_user_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: displayname-user-attribute-mapper\n userAttribute: displayName\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userAttribute":{"type":"string","description":"The custom user attribute to map.\n"}},"required":["name","realmId","samlAttributeName","samlAttributeNameFormat","userAttribute"],"inputProperties":{"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userAttribute":{"type":"string","description":"The custom user attribute to map.\n"}},"requiredInputs":["realmId","samlAttributeName","samlAttributeNameFormat","userAttribute"],"stateInputs":{"description":"Input properties used for looking up and filtering UserAttributeProtocolMapper resources.\n","properties":{"aggregateAttributes":{"type":"boolean","description":"Indicates whether this attribute is a single value or an array of values. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userAttribute":{"type":"string","description":"The custom user attribute to map.\n"}},"type":"object"}},"keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper":{"description":"Allows for creating and managing user property protocol mappers for SAML clients within Keycloak.\n\nSAML user property protocol mappers allow you to map properties of the Keycloak\nuser model to an attribute in a SAML assertion.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n});\nconst samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"email-user-property-mapper\",\n userProperty: \"email\",\n samlAttributeName: \"email\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\")\nsaml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"email-user-property-mapper\",\n user_property=\"email\",\n saml_attribute_name=\"email\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n });\n\n var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"email-user-property-mapper\",\n UserProperty = \"email\",\n SamlAttributeName = \"email\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserPropertyProtocolMapper(ctx, \"saml_user_property_mapper\", \u0026saml.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"email-user-property-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tSamlAttributeName: pulumi.String(\"email\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .build());\n\n var samlUserPropertyMapper = new UserPropertyProtocolMapper(\"samlUserPropertyMapper\", UserPropertyProtocolMapperArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"email-user-property-mapper\")\n .userProperty(\"email\")\n .samlAttributeName(\"email\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n samlUserPropertyMapper:\n type: keycloak:saml:UserPropertyProtocolMapper\n name: saml_user_property_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: email-user-property-mapper\n userProperty: email\n samlAttributeName: email\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n"},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n"},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userProperty":{"type":"string","description":"The property of the Keycloak user model to map.\n"}},"required":["name","realmId","samlAttributeName","samlAttributeNameFormat","userProperty"],"inputProperties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userProperty":{"type":"string","description":"The property of the Keycloak user model to map.\n"}},"requiredInputs":["realmId","samlAttributeName","samlAttributeNameFormat","userProperty"],"stateInputs":{"description":"Input properties used for looking up and filtering UserPropertyProtocolMapper resources.\n","properties":{"clientId":{"type":"string","description":"The client this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"clientScopeId":{"type":"string","description":"The client scope this protocol mapper should be attached to. Conflicts with \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`client_id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`clientScopeId`\" pulumi-lang-dotnet=\"`ClientScopeId`\" pulumi-lang-go=\"`clientScopeId`\" pulumi-lang-python=\"`client_scope_id`\" pulumi-lang-yaml=\"`clientScopeId`\" pulumi-lang-java=\"`clientScopeId`\"\u003e`client_scope_id`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true},"friendlyName":{"type":"string","description":"An optional human-friendly name for this attribute.\n"},"name":{"type":"string","description":"The display name of this protocol mapper in the GUI.\n"},"realmId":{"type":"string","description":"The realm this protocol mapper exists within.\n","willReplaceOnChanges":true},"samlAttributeName":{"type":"string","description":"The name of the SAML attribute.\n"},"samlAttributeNameFormat":{"type":"string","description":"The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n"},"userProperty":{"type":"string","description":"The property of the Keycloak user model to map.\n"}},"type":"object"}}},"functions":{"keycloak:authentication/getSubflow:getSubflow":{"description":"This data source can be used to fetch the details of an authentication subflow within Keycloak.\n\nAn authentication subflow is a nested flow within a parent authentication flow that groups related authentication steps together.\n\n## Example Usage\n\n### Lookup by Alias (Human-readable)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst myFlow = new keycloak.authentication.Flow(\"my_flow\", {\n realmId: realm.id,\n alias: \"my-custom-flow\",\n});\nconst mySubflow = new keycloak.authentication.Subflow(\"my_subflow\", {\n realmId: realm.id,\n parentFlowAlias: myFlow.alias,\n alias: \"my-subflow\",\n providerId: \"basic-flow\",\n});\nconst subflow = keycloak.authentication.getSubflowOutput({\n realmId: realm.id,\n parentFlowAlias: myFlow.alias,\n alias: \"my-subflow\",\n});\nexport const subflowId = subflow.apply(subflow =\u003e subflow.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nmy_flow = keycloak.authentication.Flow(\"my_flow\",\n realm_id=realm.id,\n alias=\"my-custom-flow\")\nmy_subflow = keycloak.authentication.Subflow(\"my_subflow\",\n realm_id=realm.id,\n parent_flow_alias=my_flow.alias,\n alias=\"my-subflow\",\n provider_id=\"basic-flow\")\nsubflow = keycloak.authentication.get_subflow_output(realm_id=realm.id,\n parent_flow_alias=my_flow.alias,\n alias=\"my-subflow\")\npulumi.export(\"subflowId\", subflow.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var myFlow = new Keycloak.Authentication.Flow(\"my_flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-custom-flow\",\n });\n\n var mySubflow = new Keycloak.Authentication.Subflow(\"my_subflow\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = myFlow.Alias,\n Alias = \"my-subflow\",\n ProviderId = \"basic-flow\",\n });\n\n var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = myFlow.Alias,\n Alias = \"my-subflow\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"subflowId\"] = subflow.Apply(getSubflowResult =\u003e getSubflowResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyFlow, err := authentication.NewFlow(ctx, \"my_flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-custom-flow\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewSubflow(ctx, \"my_subflow\", \u0026authentication.SubflowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: myFlow.Alias,\n\t\t\tAlias: pulumi.String(\"my-subflow\"),\n\t\t\tProviderId: pulumi.String(\"basic-flow\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubflow := authentication.LookupSubflowOutput(ctx, authentication.GetSubflowOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: myFlow.Alias,\n\t\t\tAlias: pulumi.String(\"my-subflow\"),\n\t\t}, nil)\n\t\tctx.Export(\"subflowId\", subflow.ApplyT(func(subflow authentication.GetSubflowResult) (*string, error) {\n\t\t\treturn \u0026subflow.Id, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Subflow;\nimport com.pulumi.keycloak.authentication.SubflowArgs;\nimport com.pulumi.keycloak.authentication.AuthenticationFunctions;\nimport com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var myFlow = new Flow(\"myFlow\", FlowArgs.builder()\n .realmId(realm.id())\n .alias(\"my-custom-flow\")\n .build());\n\n var mySubflow = new Subflow(\"mySubflow\", SubflowArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(myFlow.alias())\n .alias(\"my-subflow\")\n .providerId(\"basic-flow\")\n .build());\n\n final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(myFlow.alias())\n .alias(\"my-subflow\")\n .build());\n\n ctx.export(\"subflowId\", subflow.applyValue(_subflow -\u003e _subflow.id()));\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n myFlow:\n type: keycloak:authentication:Flow\n name: my_flow\n properties:\n realmId: ${realm.id}\n alias: my-custom-flow\n mySubflow:\n type: keycloak:authentication:Subflow\n name: my_subflow\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${myFlow.alias}\n alias: my-subflow\n providerId: basic-flow\nvariables:\n subflow:\n fn::invoke:\n function: keycloak:authentication:getSubflow\n arguments:\n realmId: ${realm.id}\n parentFlowAlias: ${myFlow.alias}\n alias: my-subflow\noutputs:\n subflowId: ${subflow.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lookup by ID (Direct)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst subflow = keycloak.authentication.getSubflow({\n realmId: \"my-realm-id\",\n parentFlowAlias: \"browser\",\n id: \"a1b2c3d4-e5f6-7890-abcd-ef1234567890\",\n});\nexport const subflowAlias = subflow.then(subflow =\u003e subflow.alias);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nsubflow = keycloak.authentication.get_subflow(realm_id=\"my-realm-id\",\n parent_flow_alias=\"browser\",\n id=\"a1b2c3d4-e5f6-7890-abcd-ef1234567890\")\npulumi.export(\"subflowAlias\", subflow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()\n {\n RealmId = \"my-realm-id\",\n ParentFlowAlias = \"browser\",\n Id = \"a1b2c3d4-e5f6-7890-abcd-ef1234567890\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"subflowAlias\"] = subflow.Apply(getSubflowResult =\u003e getSubflowResult.Alias),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsubflow, err := authentication.LookupSubflow(ctx, \u0026authentication.LookupSubflowArgs{\n\t\t\tRealmId: \"my-realm-id\",\n\t\t\tParentFlowAlias: \"browser\",\n\t\t\tId: pulumi.StringRef(\"a1b2c3d4-e5f6-7890-abcd-ef1234567890\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"subflowAlias\", subflow.Alias)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.authentication.AuthenticationFunctions;\nimport com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()\n .realmId(\"my-realm-id\")\n .parentFlowAlias(\"browser\")\n .id(\"a1b2c3d4-e5f6-7890-abcd-ef1234567890\")\n .build());\n\n ctx.export(\"subflowAlias\", subflow.alias());\n }\n}\n```\n```yaml\nvariables:\n subflow:\n fn::invoke:\n function: keycloak:authentication:getSubflow\n arguments:\n realmId: my-realm-id\n parentFlowAlias: browser\n id: a1b2c3d4-e5f6-7890-abcd-ef1234567890\noutputs:\n subflowAlias: ${subflow.alias}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getSubflow.\n","properties":{"alias":{"type":"string","description":"The alias of the authentication subflow. Either \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`alias`\" pulumi-lang-dotnet=\"`Alias`\" pulumi-lang-go=\"`alias`\" pulumi-lang-python=\"`alias`\" pulumi-lang-yaml=\"`alias`\" pulumi-lang-java=\"`alias`\"\u003e`alias`\u003c/span\u003e must be specified.\n\n\u003e **Note:** You must specify either \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`alias`\" pulumi-lang-dotnet=\"`Alias`\" pulumi-lang-go=\"`alias`\" pulumi-lang-python=\"`alias`\" pulumi-lang-yaml=\"`alias`\" pulumi-lang-java=\"`alias`\"\u003e`alias`\u003c/span\u003e, but not both. Use \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e for direct lookup by GUID, or \u003cspan pulumi-lang-nodejs=\"`alias`\" pulumi-lang-dotnet=\"`Alias`\" pulumi-lang-go=\"`alias`\" pulumi-lang-python=\"`alias`\" pulumi-lang-yaml=\"`alias`\" pulumi-lang-java=\"`alias`\"\u003e`alias`\u003c/span\u003e for human-readable lookup by name.\n"},"id":{"type":"string","description":"The unique ID of the authentication subflow. Either \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`alias`\" pulumi-lang-dotnet=\"`Alias`\" pulumi-lang-go=\"`alias`\" pulumi-lang-python=\"`alias`\" pulumi-lang-yaml=\"`alias`\" pulumi-lang-java=\"`alias`\"\u003e`alias`\u003c/span\u003e must be specified.\n"},"parentFlowAlias":{"type":"string","description":"The alias of the parent authentication flow.\n"},"realmId":{"type":"string","description":"The realm the authentication subflow exists in.\n"}},"type":"object","required":["parentFlowAlias","realmId"]},"outputs":{"description":"A collection of values returned by getSubflow.\n","properties":{"alias":{"description":"The alias of the subflow.\n","type":"string"},"authenticator":{"type":"string"},"description":{"description":"The description of the subflow.\n","type":"string"},"id":{"description":"The unique ID of the authentication subflow.\n","type":"string"},"parentFlowAlias":{"type":"string"},"priority":{"description":"(Keycloak 25+) The priority of the subflow within its parent flow.\n","type":"integer"},"providerId":{"description":"The provider ID for the subflow (e.g., `basic-flow`, `form-flow`, or `client-flow`).\n","type":"string"},"realmId":{"type":"string"},"requirement":{"description":"The requirement setting for the subflow. Can be one of `REQUIRED`, `ALTERNATIVE`, `OPTIONAL`, `CONDITIONAL`, or `DISABLED`.\n","type":"string"}},"required":["authenticator","description","id","parentFlowAlias","priority","providerId","realmId","requirement"],"type":"object"}},"keycloak:index/getAuthenticationExecution:getAuthenticationExecution":{"description":"This data source can be used to fetch the ID of an authentication execution within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationExecutionOutput({\n realmId: realm.id,\n parentFlowAlias: \"browser\",\n providerId: \"auth-cookie\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_execution_output(realm_id=realm.id,\n parent_flow_alias=\"browser\",\n provider_id=\"auth-cookie\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationExecution.Invoke(new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = \"browser\",\n ProviderId = \"auth-cookie\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationExecutionOutput(ctx, keycloak.GetAuthenticationExecutionOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: pulumi.String(\"browser\"),\n\t\t\tProviderId: pulumi.String(\"auth-cookie\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationExecutionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationExecution(GetAuthenticationExecutionArgs.builder()\n .realmId(realm.id())\n .parentFlowAlias(\"browser\")\n .providerId(\"auth-cookie\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n function: keycloak:getAuthenticationExecution\n arguments:\n realmId: ${realm.id}\n parentFlowAlias: browser\n providerId: auth-cookie\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAuthenticationExecution.\n","properties":{"parentFlowAlias":{"type":"string","description":"The alias of the flow this execution is attached to.\n"},"providerId":{"type":"string","description":"The name of the provider. This can be found by experimenting with the GUI and looking at HTTP requests within the network tab of your browser's development tools. This was previously known as the \"authenticator\".\n"},"realmId":{"type":"string","description":"The realm the authentication execution exists in.\n"}},"type":"object","required":["parentFlowAlias","providerId","realmId"]},"outputs":{"description":"A collection of values returned by getAuthenticationExecution.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"parentFlowAlias":{"type":"string"},"priority":{"description":"(Computed) The authenticator priority.\n","type":"integer"},"providerId":{"type":"string"},"realmId":{"type":"string"}},"required":["parentFlowAlias","priority","providerId","realmId","id"],"type":"object"}},"keycloak:index/getAuthenticationFlow:getAuthenticationFlow":{"description":"This data source can be used to fetch the ID of an authentication flow within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst browserAuthCookie = keycloak.getAuthenticationFlowOutput({\n realmId: realm.id,\n alias: \"browser\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nbrowser_auth_cookie = keycloak.get_authentication_flow_output(realm_id=realm.id,\n alias=\"browser\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var browserAuthCookie = Keycloak.GetAuthenticationFlow.Invoke(new()\n {\n RealmId = realm.Id,\n Alias = \"browser\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = keycloak.GetAuthenticationFlowOutput(ctx, keycloak.GetAuthenticationFlowOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"browser\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetAuthenticationFlowArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var browserAuthCookie = KeycloakFunctions.getAuthenticationFlow(GetAuthenticationFlowArgs.builder()\n .realmId(realm.id())\n .alias(\"browser\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n browserAuthCookie:\n fn::invoke:\n function: keycloak:getAuthenticationFlow\n arguments:\n realmId: ${realm.id}\n alias: browser\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAuthenticationFlow.\n","properties":{"alias":{"type":"string","description":"The alias of the flow.\n"},"realmId":{"type":"string","description":"The realm the authentication flow exists in.\n"}},"type":"object","required":["alias","realmId"]},"outputs":{"description":"A collection of values returned by getAuthenticationFlow.\n","properties":{"alias":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"realmId":{"type":"string"}},"required":["alias","realmId","id"],"type":"object"}},"keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter":{"description":"This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/latest/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\\\\t\u003cmd:EntityDescriptor xmlns:md=\\\\\"urn:oasis:names:tc:SAML:2.0:metadata\\\\\" validUntil=\\\\\"2021-04-17T12:41:46Z\\\\\" cacheDuration=\\\\\"PT604800S\\\\\" entityID=\\\\\"FakeEntityId\\\\\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\\\"false\\\\\" WantAssertionsSigned=\\\\\"false\\\\\" protocolSupportEnumeration=\\\\\"urn:oasis:names:tc:SAML:2.0:protocol\\\\\"\u003e\n \u003cmd:KeyDescriptor use=\\\\\"signing\\\\\"\u003e\n\\\\t\\\\t\\\\t\u003cds:KeyInfo xmlns:ds=\\\\\"http://www.w3.org/2000/09/xmldsig#\\\\\"\u003e\n\\\\t\\\\t\\\\t\\\\t\u003cds:X509Data\u003e\n\\\\t\\\\t\\\\t\\\\t\\\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\\\t\\\\t\\\\t\\\\t\\\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\\\t\\\\t\\\\t\\\\t\\\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\\\t\\\\t\\\\t\\\\t\\\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\\\t\\\\t\\\\t\\\\t\\\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\\\t\\\\t\\\\t\\\\t\\\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\\\t\\\\t\\\\t\\\\t\\\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\\\t\\\\t\\\\t\\\\t\\\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\\\t\\\\t\\\\t\\\\t\\\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\\\t\\\\t\\\\t\\\\t\\\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\\\t\\\\t\\\\t\\\\t\\\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\\\t\\\\t\\\\t\\\\t\\\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\\\t\\\\t\\\\t\\\\t\\\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\\\t\\\\t\\\\t\\\\t\\\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\\\t\\\\t\\\\t\\\\t\\\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\\\t\\\\t\\\\t\\\\t\u003c/ds:X509Data\u003e\n\\\\t\\\\t\\\\t\u003c/ds:KeyInfo\u003e\n\\\\t\\\\t\u003c/md:KeyDescriptor\u003e\n\\\\t\\\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\\\" Location=\\\\\"https://localhost/acs/saml/\\\\\" index=\\\\\"1\\\\\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: samlClient.apply(samlClient =\u003e samlClient.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\\t\u003cmd:EntityDescriptor xmlns:md=\\\"urn:oasis:names:tc:SAML:2.0:metadata\\\" validUntil=\\\"2021-04-17T12:41:46Z\\\" cacheDuration=\\\"PT604800S\\\" entityID=\\\"FakeEntityId\\\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\"false\\\" WantAssertionsSigned=\\\"false\\\" protocolSupportEnumeration=\\\"urn:oasis:names:tc:SAML:2.0:protocol\\\"\u003e\n \u003cmd:KeyDescriptor use=\\\"signing\\\"\u003e\n\\t\\t\\t\u003cds:KeyInfo xmlns:ds=\\\"http://www.w3.org/2000/09/xmldsig#\\\"\u003e\n\\t\\t\\t\\t\u003cds:X509Data\u003e\n\\t\\t\\t\\t\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\t\\t\\t\\t\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\t\\t\\t\\t\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\t\\t\\t\\t\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\t\\t\\t\\t\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\t\\t\\t\\t\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\t\\t\\t\\t\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\t\\t\\t\\t\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\t\\t\\t\\t\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\t\\t\\t\\t\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\t\\t\\t\\t\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\t\\t\\t\\t\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\t\\t\\t\\t\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\t\\t\\t\\t\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\t\\t\\t\\t\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\t\\t\\t\\t\u003c/ds:X509Data\u003e\n\\t\\t\\t\u003c/ds:KeyInfo\u003e\n\\t\\t\u003c/md:KeyDescriptor\u003e\n\\t\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\" Location=\\\"https://localhost/acs/saml/\\\" index=\\\"1\\\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=saml_client.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\\t\u003cmd:EntityDescriptor xmlns:md=\\\"\"urn:oasis:names:tc:SAML:2.0:metadata\\\"\" validUntil=\\\"\"2021-04-17T12:41:46Z\\\"\" cacheDuration=\\\"\"PT604800S\\\"\" entityID=\\\"\"FakeEntityId\\\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\"\"false\\\"\" WantAssertionsSigned=\\\"\"false\\\"\" protocolSupportEnumeration=\\\"\"urn:oasis:names:tc:SAML:2.0:protocol\\\"\"\u003e\n \u003cmd:KeyDescriptor use=\\\"\"signing\\\"\"\u003e\n\\t\\t\\t\u003cds:KeyInfo xmlns:ds=\\\"\"http://www.w3.org/2000/09/xmldsig#\\\"\"\u003e\n\\t\\t\\t\\t\u003cds:X509Data\u003e\n\\t\\t\\t\\t\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\t\\t\\t\\t\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\t\\t\\t\\t\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\t\\t\\t\\t\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\t\\t\\t\\t\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\t\\t\\t\\t\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\t\\t\\t\\t\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\t\\t\\t\\t\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\t\\t\\t\\t\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\t\\t\\t\\t\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\t\\t\\t\\t\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\t\\t\\t\\t\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\t\\t\\t\\t\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\t\\t\\t\\t\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\t\\t\\t\\t\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\t\\t\\t\\t\u003c/ds:X509Data\u003e\n\\t\\t\\t\u003c/ds:KeyInfo\u003e\n\\t\\t\u003c/md:KeyDescriptor\u003e\n\\t\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\"\" Location=\\\"\"https://localhost/acs/saml/\\\"\" index=\\\"\"1\\\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\\t\u003cmd:EntityDescriptor xmlns:md=\\\"urn:oasis:names:tc:SAML:2.0:metadata\\\" validUntil=\\\"2021-04-17T12:41:46Z\\\" cacheDuration=\\\"PT604800S\\\" entityID=\\\"FakeEntityId\\\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\"false\\\" WantAssertionsSigned=\\\"false\\\" protocolSupportEnumeration=\\\"urn:oasis:names:tc:SAML:2.0:protocol\\\"\u003e\n \u003cmd:KeyDescriptor use=\\\"signing\\\"\u003e\n\\t\\t\\t\u003cds:KeyInfo xmlns:ds=\\\"http://www.w3.org/2000/09/xmldsig#\\\"\u003e\n\\t\\t\\t\\t\u003cds:X509Data\u003e\n\\t\\t\\t\\t\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\t\\t\\t\\t\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\t\\t\\t\\t\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\t\\t\\t\\t\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\t\\t\\t\\t\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\t\\t\\t\\t\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\t\\t\\t\\t\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\t\\t\\t\\t\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\t\\t\\t\\t\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\t\\t\\t\\t\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\t\\t\\t\\t\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\t\\t\\t\\t\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\t\\t\\t\\t\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\t\\t\\t\\t\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\t\\t\\t\\t\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\t\\t\\t\\t\u003c/ds:X509Data\u003e\n\\t\\t\\t\u003c/ds:KeyInfo\u003e\n\\t\\t\u003c/md:KeyDescriptor\u003e\n\\t\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\" Location=\\\"https://localhost/acs/saml/\\\" index=\\\"1\\\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(samlClient.ApplyT(func(samlClient keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClient.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\\t\u003cmd:EntityDescriptor xmlns:md=\\\"urn:oasis:names:tc:SAML:2.0:metadata\\\" validUntil=\\\"2021-04-17T12:41:46Z\\\" cacheDuration=\\\"PT604800S\\\" entityID=\\\"FakeEntityId\\\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\"false\\\" WantAssertionsSigned=\\\"false\\\" protocolSupportEnumeration=\\\"urn:oasis:names:tc:SAML:2.0:protocol\\\"\u003e\n \u003cmd:KeyDescriptor use=\\\"signing\\\"\u003e\n\\t\\t\\t\u003cds:KeyInfo xmlns:ds=\\\"http://www.w3.org/2000/09/xmldsig#\\\"\u003e\n\\t\\t\\t\\t\u003cds:X509Data\u003e\n\\t\\t\\t\\t\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\\t\\t\\t\\t\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\\t\\t\\t\\t\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\\t\\t\\t\\t\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\\t\\t\\t\\t\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\\t\\t\\t\\t\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\\t\\t\\t\\t\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\\t\\t\\t\\t\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\\t\\t\\t\\t\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\\t\\t\\t\\t\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\\t\\t\\t\\t\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\\t\\t\\t\\t\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\\t\\t\\t\\t\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\\t\\t\\t\\t\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\\t\\t\\t\\t\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\\t\\t\\t\\t\u003c/ds:X509Data\u003e\n\\t\\t\\t\u003c/ds:KeyInfo\u003e\n\\t\\t\u003c/md:KeyDescriptor\u003e\n\\t\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\" Location=\\\"https://localhost/acs/saml/\\\" index=\\\"1\\\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.applyValue(_samlClient -\u003e _samlClient.clientId()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.clientId}\nvariables:\n samlClient:\n fn::invoke:\n function: keycloak:getClientDescriptionConverter\n arguments:\n realmId: ${realm.id}\n body: |\n \\t\u003cmd:EntityDescriptor xmlns:md=\\\"urn:oasis:names:tc:SAML:2.0:metadata\\\" validUntil=\\\"2021-04-17T12:41:46Z\\\" cacheDuration=\\\"PT604800S\\\" entityID=\\\"FakeEntityId\\\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\\\"false\\\" WantAssertionsSigned=\\\"false\\\" protocolSupportEnumeration=\\\"urn:oasis:names:tc:SAML:2.0:protocol\\\"\u003e\n \u003cmd:KeyDescriptor use=\\\"signing\\\"\u003e\n \\t\\t\\t\u003cds:KeyInfo xmlns:ds=\\\"http://www.w3.org/2000/09/xmldsig#\\\"\u003e\n \\t\\t\\t\\t\u003cds:X509Data\u003e\n \\t\\t\\t\\t\\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \\t\\t\\t\\t\\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \\t\\t\\t\\t\\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \\t\\t\\t\\t\\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \\t\\t\\t\\t\\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \\t\\t\\t\\t\\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \\t\\t\\t\\t\\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \\t\\t\\t\\t\\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \\t\\t\\t\\t\\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \\t\\t\\t\\t\\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \\t\\t\\t\\t\\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \\t\\t\\t\\t\\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \\t\\t\\t\\t\\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \\t\\t\\t\\t\\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \\t\\t\\t\\t\\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \\t\\t\\t\\t\u003c/ds:X509Data\u003e\n \\t\\t\\t\u003c/ds:KeyInfo\u003e\n \\t\\t\u003c/md:KeyDescriptor\u003e\n \\t\\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\\\" Location=\\\"https://localhost/acs/saml/\\\" index=\\\"1\\\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientDescriptionConverter.\n","properties":{"body":{"type":"string","description":"The body of the request to convert.\n"},"realmId":{"type":"string","description":"The realm to use for the client description converter API call.\n"}},"type":"object","required":["body","realmId"]},"outputs":{"description":"A collection of values returned by getClientDescriptionConverter.\n","properties":{"access":{"additionalProperties":{"type":"string"},"type":"object"},"adminUrl":{"type":"string"},"alwaysDisplayInConsole":{"type":"boolean"},"attributes":{"additionalProperties":{"type":"string"},"type":"object"},"authenticationFlowBindingOverrides":{"additionalProperties":{"type":"string"},"type":"object"},"authorizationServicesEnabled":{"type":"boolean"},"authorizationSettings":{"additionalProperties":{"type":"string"},"type":"object"},"baseUrl":{"type":"string"},"bearerOnly":{"type":"boolean"},"body":{"type":"string"},"clientAuthenticatorType":{"type":"string"},"clientId":{"type":"string"},"consentRequired":{"type":"string"},"defaultClientScopes":{"items":{"type":"string"},"type":"array"},"defaultRoles":{"items":{"type":"string"},"type":"array"},"description":{"type":"string"},"directAccessGrantsEnabled":{"type":"boolean"},"enabled":{"type":"boolean"},"frontchannelLogout":{"type":"boolean"},"fullScopeAllowed":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"implicitFlowEnabled":{"type":"boolean"},"name":{"type":"string"},"notBefore":{"type":"integer"},"optionalClientScopes":{"items":{"type":"string"},"type":"array"},"origin":{"type":"string"},"protocol":{"type":"string"},"protocolMappers":{"items":{"$ref":"#/types/keycloak:index/getClientDescriptionConverterProtocolMapper:getClientDescriptionConverterProtocolMapper"},"type":"array"},"publicClient":{"type":"boolean"},"realmId":{"type":"string"},"redirectUris":{"items":{"type":"string"},"type":"array"},"registeredNodes":{"additionalProperties":{"type":"string"},"type":"object"},"registrationAccessToken":{"type":"string"},"rootUrl":{"type":"string"},"secret":{"type":"string"},"serviceAccountsEnabled":{"type":"boolean"},"standardFlowEnabled":{"type":"boolean"},"surrogateAuthRequired":{"type":"boolean"},"webOrigins":{"items":{"type":"string"},"type":"array"}},"required":["access","adminUrl","alwaysDisplayInConsole","attributes","authenticationFlowBindingOverrides","authorizationServicesEnabled","authorizationSettings","baseUrl","bearerOnly","body","clientAuthenticatorType","clientId","consentRequired","defaultClientScopes","defaultRoles","description","directAccessGrantsEnabled","enabled","frontchannelLogout","fullScopeAllowed","implicitFlowEnabled","name","notBefore","optionalClientScopes","origin","protocol","protocolMappers","publicClient","realmId","redirectUris","registeredNodes","registrationAccessToken","rootUrl","secret","serviceAccountsEnabled","standardFlowEnabled","surrogateAuthRequired","webOrigins","id"],"type":"object"}},"keycloak:index/getGroup:getGroup":{"description":"This data source can be used to fetch properties of a Keycloak group for\nusage with other resources, such as \u003cspan pulumi-lang-nodejs=\"`keycloak.GroupRoles`\" pulumi-lang-dotnet=\"`keycloak.GroupRoles`\" pulumi-lang-go=\"`GroupRoles`\" pulumi-lang-python=\"`GroupRoles`\" pulumi-lang-yaml=\"`keycloak.GroupRoles`\" pulumi-lang-java=\"`keycloak.GroupRoles`\"\u003e`keycloak.GroupRoles`\u003c/span\u003e.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst group = keycloak.getGroupOutput({\n realmId: realm.id,\n name: \"group\",\n});\nconst groupRoles = new keycloak.GroupRoles(\"group_roles\", {\n realmId: realm.id,\n groupId: group.apply(group =\u003e group.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\ngroup = keycloak.get_group_output(realm_id=realm.id,\n name=\"group\")\ngroup_roles = keycloak.GroupRoles(\"group_roles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var @group = Keycloak.GetGroup.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"group\",\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"group_roles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Apply(@group =\u003e @group.Apply(getGroupResult =\u003e getGroupResult.Id)),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\tgroup := keycloak.LookupGroupOutput(ctx, keycloak.GetGroupOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_roles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: pulumi.String(group.ApplyT(func(group keycloak.GetGroupResult) (*string, error) {\n\t\t\t\treturn \u0026group.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.inputs.GetGroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder()\n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder()\n .realmId(realm.id())\n .groupId(group.applyValue(_group -\u003e _group.id()))\n .roleIds(offlineAccess.applyValue(_offlineAccess -\u003e _offlineAccess.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: ${realm.id}\n name: offline_access\n group:\n fn::invoke:\n function: keycloak:getGroup\n arguments:\n realmId: ${realm.id}\n name: group\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getGroup.\n","properties":{"description":{"type":"string"},"name":{"type":"string","description":"The name of the group. If there are multiple groups match \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e, the first result will be returned.\n"},"realmId":{"type":"string","description":"The realm this group exists within.\n"}},"type":"object","required":["name","realmId"]},"outputs":{"description":"A collection of values returned by getGroup.\n","properties":{"attributes":{"additionalProperties":{"type":"string"},"type":"object"},"description":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"parentId":{"type":"string"},"path":{"type":"string"},"realmId":{"type":"string"}},"required":["attributes","name","parentId","path","realmId","id"],"type":"object"}},"keycloak:index/getOrganization:getOrganization":{"description":"This data source can be used to fetch properties of a Keycloak organization for\nusage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\nconst organization = realm.then(realm =\u003e keycloak.getOrganization({\n realm: realm.id,\n name: \"my-org\",\n}));\n// use the data source\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realm_identity_provider\", {\n realm: realm.then(realm =\u003e realm.id),\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n organizationId: organization.then(organization =\u003e organization.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\norganization = keycloak.get_organization(realm=realm.id,\n name=\"my-org\")\n# use the data source\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realm_identity_provider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n organization_id=organization.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n var organization = Keycloak.GetOrganization.Invoke(new()\n {\n Realm = realm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Name = \"my-org\",\n });\n\n // use the data source\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realm_identity_provider\", new()\n {\n Realm = realm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n OrganizationId = organization.Apply(getOrganizationResult =\u003e getOrganizationResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torganization, err := keycloak.LookupOrganization(ctx, \u0026keycloak.LookupOrganizationArgs{\n\t\t\tRealm: realm.Id,\n\t\t\tName: \"my-org\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realm_identity_provider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: pulumi.String(realm.Id),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tOrganizationId: pulumi.String(organization.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetOrganizationArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n final var organization = KeycloakFunctions.getOrganization(GetOrganizationArgs.builder()\n .realm(realm.id())\n .name(\"my-org\")\n .build());\n\n // use the data source\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder()\n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .organizationId(organization.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n name: realm_identity_provider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n organizationId: ${organization.id}\nvariables:\n realm:\n fn::invoke:\n function: keycloak:getRealm\n arguments:\n realm: my-realm\n organization:\n fn::invoke:\n function: keycloak:getOrganization\n arguments:\n realm: ${realm.id}\n name: my-org\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getOrganization.\n","properties":{"name":{"type":"string","description":"The organization name.\n"},"realm":{"type":"string","description":"The name of the realm this organization exists within.\n"}},"type":"object","required":["name","realm"]},"outputs":{"description":"A collection of values returned by getOrganization.\n","properties":{"alias":{"type":"string"},"attributes":{"additionalProperties":{"type":"string"},"type":"object"},"description":{"type":"string"},"domains":{"items":{"$ref":"#/types/keycloak:index/getOrganizationDomain:getOrganizationDomain"},"type":"array"},"enabled":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"realm":{"type":"string"},"redirectUrl":{"type":"string"}},"required":["alias","attributes","description","domains","enabled","name","realm","redirectUrl","id"],"type":"object"}},"keycloak:index/getRealm:getRealm":{"description":"This data source can be used to fetch properties of a Keycloak realm for\nusage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\n// use the data source\nconst group = new keycloak.Role(\"group\", {\n realmId: realm.then(realm =\u003e realm.id),\n name: \"group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\n# use the data source\ngroup = keycloak.Role(\"group\",\n realm_id=realm.id,\n name=\"group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n // use the data source\n var @group = new Keycloak.Role(\"group\", new()\n {\n RealmId = realm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Name = \"group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.NewRole(ctx, \"group\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: pulumi.String(realm.Id),\n\t\t\tName: pulumi.String(\"group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n // use the data source\n var group = new Role(\"group\", RoleArgs.builder()\n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n group:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n name: group\nvariables:\n realm:\n fn::invoke:\n function: keycloak:getRealm\n arguments:\n realm: my-realm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getRealm.\n","properties":{"attributes":{"type":"object","additionalProperties":{"type":"string"}},"defaultDefaultClientScopes":{"type":"array","items":{"type":"string"}},"defaultOptionalClientScopes":{"type":"array","items":{"type":"string"}},"displayNameHtml":{"type":"string"},"internationalizations":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmInternationalization:getRealmInternationalization"}},"otpPolicy":{"$ref":"#/types/keycloak:index/getRealmOtpPolicy:getRealmOtpPolicy"},"realm":{"type":"string","description":"The realm name.\n"},"securityDefenses":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSecurityDefense:getRealmSecurityDefense"}},"smtpServers":{"type":"array","items":{"$ref":"#/types/keycloak:index/getRealmSmtpServer:getRealmSmtpServer"}},"webAuthnPasswordlessPolicy":{"$ref":"#/types/keycloak:index/getRealmWebAuthnPasswordlessPolicy:getRealmWebAuthnPasswordlessPolicy"},"webAuthnPolicy":{"$ref":"#/types/keycloak:index/getRealmWebAuthnPolicy:getRealmWebAuthnPolicy"}},"type":"object","required":["realm"]},"outputs":{"description":"A collection of values returned by getRealm.\n","properties":{"accessCodeLifespan":{"type":"string"},"accessCodeLifespanLogin":{"type":"string"},"accessCodeLifespanUserAction":{"type":"string"},"accessTokenLifespan":{"type":"string"},"accessTokenLifespanForImplicitFlow":{"type":"string"},"accountTheme":{"type":"string"},"actionTokenGeneratedByAdminLifespan":{"type":"string"},"actionTokenGeneratedByUserLifespan":{"type":"string"},"adminPermissionsEnabled":{"type":"boolean"},"adminTheme":{"type":"string"},"attributes":{"additionalProperties":{"type":"string"},"type":"object"},"browserFlow":{"type":"string"},"clientAuthenticationFlow":{"type":"string"},"clientSessionIdleTimeout":{"type":"string"},"clientSessionMaxLifespan":{"type":"string"},"defaultDefaultClientScopes":{"items":{"type":"string"},"type":"array"},"defaultOptionalClientScopes":{"items":{"type":"string"},"type":"array"},"defaultSignatureAlgorithm":{"type":"string"},"directGrantFlow":{"type":"string"},"displayName":{"type":"string"},"displayNameHtml":{"type":"string"},"dockerAuthenticationFlow":{"type":"string"},"duplicateEmailsAllowed":{"type":"boolean"},"editUsernameAllowed":{"type":"boolean"},"emailTheme":{"type":"string"},"enabled":{"type":"boolean"},"firstBrokerLoginFlow":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"internalId":{"type":"string"},"internationalizations":{"items":{"$ref":"#/types/keycloak:index/getRealmInternationalization:getRealmInternationalization"},"type":"array"},"loginTheme":{"type":"string"},"loginWithEmailAllowed":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"integer"},"offlineSessionIdleTimeout":{"type":"string"},"offlineSessionMaxLifespan":{"type":"string"},"offlineSessionMaxLifespanEnabled":{"type":"boolean"},"organizationsEnabled":{"type":"boolean"},"otpPolicy":{"$ref":"#/types/keycloak:index/getRealmOtpPolicy:getRealmOtpPolicy"},"passwordPolicy":{"type":"string"},"realm":{"type":"string"},"refreshTokenMaxReuse":{"type":"integer"},"registrationAllowed":{"type":"boolean"},"registrationEmailAsUsername":{"type":"boolean"},"registrationFlow":{"type":"string"},"rememberMe":{"type":"boolean"},"resetCredentialsFlow":{"type":"string"},"resetPasswordAllowed":{"type":"boolean"},"revokeRefreshToken":{"type":"boolean"},"securityDefenses":{"items":{"$ref":"#/types/keycloak:index/getRealmSecurityDefense:getRealmSecurityDefense"},"type":"array"},"smtpServers":{"items":{"$ref":"#/types/keycloak:index/getRealmSmtpServer:getRealmSmtpServer"},"type":"array"},"sslRequired":{"type":"string"},"ssoSessionIdleTimeout":{"type":"string"},"ssoSessionIdleTimeoutRememberMe":{"type":"string"},"ssoSessionMaxLifespan":{"type":"string"},"ssoSessionMaxLifespanRememberMe":{"type":"string"},"userManagedAccess":{"type":"boolean"},"verifyEmail":{"type":"boolean"},"webAuthnPasswordlessPolicy":{"$ref":"#/types/keycloak:index/getRealmWebAuthnPasswordlessPolicy:getRealmWebAuthnPasswordlessPolicy"},"webAuthnPolicy":{"$ref":"#/types/keycloak:index/getRealmWebAuthnPolicy:getRealmWebAuthnPolicy"}},"required":["accessCodeLifespan","accessCodeLifespanLogin","accessCodeLifespanUserAction","accessTokenLifespan","accessTokenLifespanForImplicitFlow","accountTheme","actionTokenGeneratedByAdminLifespan","actionTokenGeneratedByUserLifespan","adminPermissionsEnabled","adminTheme","attributes","browserFlow","clientAuthenticationFlow","clientSessionIdleTimeout","clientSessionMaxLifespan","defaultDefaultClientScopes","defaultOptionalClientScopes","defaultSignatureAlgorithm","directGrantFlow","displayName","dockerAuthenticationFlow","duplicateEmailsAllowed","editUsernameAllowed","emailTheme","enabled","firstBrokerLoginFlow","internalId","internationalizations","loginTheme","loginWithEmailAllowed","oauth2DeviceCodeLifespan","oauth2DevicePollingInterval","offlineSessionIdleTimeout","offlineSessionMaxLifespan","offlineSessionMaxLifespanEnabled","organizationsEnabled","otpPolicy","passwordPolicy","realm","refreshTokenMaxReuse","registrationAllowed","registrationEmailAsUsername","registrationFlow","rememberMe","resetCredentialsFlow","resetPasswordAllowed","revokeRefreshToken","securityDefenses","smtpServers","sslRequired","ssoSessionIdleTimeout","ssoSessionIdleTimeoutRememberMe","ssoSessionMaxLifespan","ssoSessionMaxLifespanRememberMe","userManagedAccess","verifyEmail","webAuthnPasswordlessPolicy","webAuthnPolicy","id"],"type":"object"}},"keycloak:index/getRealmKeys:getRealmKeys":{"description":"Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status.\n\nRemarks:\n\n- A key must meet all filter criteria\n- This data source may return more than one value.\n- If no key matches the filter criteria, then an error will be returned.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmKeys = keycloak.getRealmKeysOutput({\n realmId: realm.id,\n algorithms: [\n \"AES\",\n \"RS256\",\n ],\n statuses: [\n \"ACTIVE\",\n \"PASSIVE\",\n ],\n});\nexport const certificate = realmKeys.apply(realmKeys =\u003e realmKeys.keys?.[0]?.certificate);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_keys = keycloak.get_realm_keys_output(realm_id=realm.id,\n algorithms=[\n \"AES\",\n \"RS256\",\n ],\n statuses=[\n \"ACTIVE\",\n \"PASSIVE\",\n ])\npulumi.export(\"certificate\", realm_keys.keys[0].certificate)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmKeys = Keycloak.GetRealmKeys.Invoke(new()\n {\n RealmId = realm.Id,\n Algorithms = new[]\n {\n \"AES\",\n \"RS256\",\n },\n Statuses = new[]\n {\n \"ACTIVE\",\n \"PASSIVE\",\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"certificate\"] = realmKeys.Apply(getRealmKeysResult =\u003e getRealmKeysResult.Keys[0]?.Certificate),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmKeys := keycloak.GetRealmKeysOutput(ctx, keycloak.GetRealmKeysOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlgorithms: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"AES\"),\n\t\t\t\tpulumi.String(\"RS256\"),\n\t\t\t},\n\t\t\tStatuses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ACTIVE\"),\n\t\t\t\tpulumi.String(\"PASSIVE\"),\n\t\t\t},\n\t\t}, nil)\n\t\tctx.Export(\"certificate\", realmKeys.ApplyT(func(realmKeys keycloak.GetRealmKeysResult) (*string, error) {\n\t\t\treturn \u0026realmKeys.Keys[0].Certificate, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmKeysArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var realmKeys = KeycloakFunctions.getRealmKeys(GetRealmKeysArgs.builder()\n .realmId(realm.id())\n .algorithms( \n \"AES\",\n \"RS256\")\n .statuses( \n \"ACTIVE\",\n \"PASSIVE\")\n .build());\n\n ctx.export(\"certificate\", realmKeys.applyValue(_realmKeys -\u003e _realmKeys.keys()[0].certificate()));\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\nvariables:\n realmKeys:\n fn::invoke:\n function: keycloak:getRealmKeys\n arguments:\n realmId: ${realm.id}\n algorithms:\n - AES\n - RS256\n statuses:\n - ACTIVE\n - PASSIVE\noutputs:\n # show certificate of first key:\n certificate: ${realmKeys.keys[0].certificate}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getRealmKeys.\n","properties":{"algorithms":{"type":"array","items":{"type":"string"},"description":"When specified, keys will be filtered by algorithm. The algorithms can be any of `HS256`, `RS256`,`AES`, etc.\n"},"realmId":{"type":"string","description":"The realm from which the keys will be retrieved.\n"},"statuses":{"type":"array","items":{"type":"string"},"description":"When specified, keys will be filtered by status. The statuses can be any of `ACTIVE`, `DISABLED` and `PASSIVE`.\n"}},"type":"object","required":["realmId"]},"outputs":{"description":"A collection of values returned by getRealmKeys.\n","properties":{"algorithms":{"items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"keys":{"description":"(Computed) A list of keys that match the filter criteria. Each key has the following attributes:\n","items":{"$ref":"#/types/keycloak:index/getRealmKeysKey:getRealmKeysKey"},"type":"array"},"realmId":{"type":"string"},"statuses":{"description":"Key status (string)\n","items":{"type":"string"},"type":"array"}},"required":["keys","realmId","id"],"type":"object"}},"keycloak:index/getRole:getRole":{"description":"This data source can be used to fetch properties of a Keycloak role for\nusage with other resources, such as \u003cspan pulumi-lang-nodejs=\"`keycloak.GroupRoles`\" pulumi-lang-dotnet=\"`keycloak.GroupRoles`\" pulumi-lang-go=\"`GroupRoles`\" pulumi-lang-python=\"`GroupRoles`\" pulumi-lang-yaml=\"`keycloak.GroupRoles`\" pulumi-lang-java=\"`keycloak.GroupRoles`\"\u003e`keycloak.GroupRoles`\u003c/span\u003e.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\n// use the data source\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"group\",\n});\nconst groupRoles = new keycloak.GroupRoles(\"group_roles\", {\n realmId: realm.id,\n groupId: group.id,\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\n# use the data source\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"group\")\ngroup_roles = keycloak.GroupRoles(\"group_roles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n // use the data source\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"group\",\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"group_roles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t// use the data source\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_roles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n // use the data source\n var group = new Group(\"group\", GroupArgs.builder()\n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder()\n .realmId(realm.id())\n .groupId(group.id())\n .roleIds(offlineAccess.applyValue(_offlineAccess -\u003e _offlineAccess.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # use the data source\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: group\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getRole.\n","properties":{"clientId":{"type":"string","description":"When specified, this role is assumed to be a client role belonging to the client with the provided ID. The \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e attribute of a \u003cspan pulumi-lang-nodejs=\"`keycloakClient`\" pulumi-lang-dotnet=\"`KeycloakClient`\" pulumi-lang-go=\"`keycloakClient`\" pulumi-lang-python=\"`keycloak_client`\" pulumi-lang-yaml=\"`keycloakClient`\" pulumi-lang-java=\"`keycloakClient`\"\u003e`keycloak_client`\u003c/span\u003e resource should be used here.\n"},"name":{"type":"string","description":"The name of the role.\n"},"realmId":{"type":"string","description":"The realm this role exists within.\n"}},"type":"object","required":["name","realmId"]},"outputs":{"description":"A collection of values returned by getRole.\n","properties":{"attributes":{"additionalProperties":{"type":"string"},"type":"object"},"clientId":{"type":"string"},"compositeRoles":{"items":{"type":"string"},"type":"array"},"description":{"description":"(Computed) The description of the role.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"realmId":{"type":"string"}},"required":["attributes","compositeRoles","description","name","realmId","id"],"type":"object"}},"keycloak:index/getUser:getUser":{"description":"This data source can be used to fetch properties of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\n// use the keycloak_user data source to grab the admin user's ID\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nexport const keycloakUserId = defaultAdminUser.then(defaultAdminUser =\u003e defaultAdminUser.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\n# use the keycloak_user data source to grab the admin user's ID\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\npulumi.export(\"keycloakUserId\", default_admin_user.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n // use the keycloak_user data source to grab the admin user's ID\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserId\"] = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user data source to grab the admin user's ID\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserId\", defaultAdminUser.Id)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n // use the keycloak_user data source to grab the admin user's ID\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.id())\n .username(\"keycloak\")\n .build());\n\n ctx.export(\"keycloakUserId\", defaultAdminUser.id());\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n function: keycloak:getRealm\n arguments:\n realm: master\n # use the keycloak_user data source to grab the admin user's ID\n defaultAdminUser:\n fn::invoke:\n function: keycloak:getUser\n arguments:\n realmId: ${masterRealm.id}\n username: keycloak\noutputs:\n keycloakUserId: ${defaultAdminUser.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getUser.\n","properties":{"realmId":{"type":"string","description":"The realm this user belongs to.\n"},"username":{"type":"string","description":"The unique username of this user.\n"}},"type":"object","required":["realmId","username"]},"outputs":{"description":"A collection of values returned by getUser.\n","properties":{"attributes":{"additionalProperties":{"type":"string"},"description":"(Computed) A map representing attributes for the user\n","type":"object"},"email":{"description":"(Computed) The user's email.\n","type":"string"},"emailVerified":{"description":"(Computed) Whether the email address was validated or not. Default to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n","type":"boolean"},"enabled":{"description":"(Computed) When false, this user cannot log in. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n","type":"boolean"},"federatedIdentities":{"description":"(Computed) The user's federated identities, if applicable. This block has the following schema:\n","items":{"type":"string"},"type":"array"},"firstName":{"description":"(Computed) The user's first name.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"lastName":{"description":"(Computed) The user's last name.\n","type":"string"},"realmId":{"type":"string"},"requiredActions":{"items":{"type":"string"},"type":"array"},"username":{"type":"string"}},"required":["attributes","email","emailVerified","enabled","federatedIdentities","firstName","lastName","realmId","requiredActions","username","id"],"type":"object"}},"keycloak:index/getUserRealmRoles:getUserRealmRoles":{"description":"This data source can be used to fetch the realm roles of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\n// use the keycloak_user data source to grab the admin user's ID\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\n// use the keycloak_user_realm_roles data source to list role names\nconst userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) =\u003e keycloak.getUserRealmRoles({\n realmId: masterRealm.id,\n userId: defaultAdminUser.id,\n}));\nexport const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles =\u003e userRealmRoles.roleNames);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\n# use the keycloak_user data source to grab the admin user's ID\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\n# use the keycloak_user_realm_roles data source to list role names\nuser_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id,\n user_id=default_admin_user.id)\npulumi.export(\"keycloakUserRoleNames\", user_realm_roles.role_names)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n // use the keycloak_user data source to grab the admin user's ID\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n // use the keycloak_user_realm_roles data source to list role names\n var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n UserId = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserRoleNames\"] = userRealmRoles.Apply(getUserRealmRolesResult =\u003e getUserRealmRolesResult.RoleNames),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user data source to grab the admin user's ID\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user_realm_roles data source to list role names\n\t\tuserRealmRoles, err := keycloak.GetUserRealmRoles(ctx, \u0026keycloak.GetUserRealmRolesArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUserId: defaultAdminUser.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserRoleNames\", userRealmRoles.RoleNames)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport com.pulumi.keycloak.inputs.GetUserRealmRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n // use the keycloak_user data source to grab the admin user's ID\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.id())\n .username(\"keycloak\")\n .build());\n\n // use the keycloak_user_realm_roles data source to list role names\n final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder()\n .realmId(masterRealm.id())\n .userId(defaultAdminUser.id())\n .build());\n\n ctx.export(\"keycloakUserRoleNames\", userRealmRoles.roleNames());\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n function: keycloak:getRealm\n arguments:\n realm: master\n # use the keycloak_user data source to grab the admin user's ID\n defaultAdminUser:\n fn::invoke:\n function: keycloak:getUser\n arguments:\n realmId: ${masterRealm.id}\n username: keycloak\n # use the keycloak_user_realm_roles data source to list role names\n userRealmRoles:\n fn::invoke:\n function: keycloak:getUserRealmRoles\n arguments:\n realmId: ${masterRealm.id}\n userId: ${defaultAdminUser.id}\noutputs:\n keycloakUserRoleNames: ${userRealmRoles.roleNames}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getUserRealmRoles.\n","properties":{"realmId":{"type":"string","description":"The realm this user belongs to.\n"},"userId":{"type":"string","description":"The ID of the user to query realm roles for.\n"}},"type":"object","required":["realmId","userId"]},"outputs":{"description":"A collection of values returned by getUserRealmRoles.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"realmId":{"type":"string"},"roleNames":{"description":"(Computed) A list of realm roles that belong to this user.\n","items":{"type":"string"},"type":"array"},"userId":{"type":"string"}},"required":["realmId","roleNames","userId","id"],"type":"object"}},"keycloak:openid/getClient:getClient":{"description":"This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\n// use the data source\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\n# use the data source\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n // use the data source\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n // use the data source\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.id())\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n function: keycloak:openid:getClient\n arguments:\n realmId: my-realm\n clientId: realm-management\n # use the data source\n admin:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClient.\n","properties":{"alwaysDisplayInConsole":{"type":"boolean"},"clientId":{"type":"string","description":"The client id (not its unique ID).\n"},"consentScreenText":{"type":"string"},"displayOnConsentScreen":{"type":"boolean"},"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"oauth2DeviceAuthorizationGrantEnabled":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"string"},"realmId":{"type":"string","description":"The realm id.\n"}},"type":"object","required":["clientId","realmId"]},"outputs":{"description":"A collection of values returned by getClient.\n","properties":{"accessTokenLifespan":{"type":"string"},"accessType":{"type":"string"},"adminUrl":{"type":"string"},"allowRefreshTokenInStandardTokenExchange":{"type":"string"},"alwaysDisplayInConsole":{"type":"boolean"},"authenticationFlowBindingOverrides":{"items":{"$ref":"#/types/keycloak:openid/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride"},"type":"array"},"authorizations":{"items":{"$ref":"#/types/keycloak:openid/getClientAuthorization:getClientAuthorization"},"type":"array"},"backchannelLogoutRevokeOfflineSessions":{"type":"boolean"},"backchannelLogoutSessionRequired":{"type":"boolean"},"backchannelLogoutUrl":{"type":"string"},"baseUrl":{"type":"string"},"clientAuthenticatorType":{"type":"string"},"clientId":{"type":"string"},"clientOfflineSessionIdleTimeout":{"type":"string"},"clientOfflineSessionMaxLifespan":{"type":"string"},"clientSecret":{"secret":true,"type":"string"},"clientSessionIdleTimeout":{"type":"string"},"clientSessionMaxLifespan":{"type":"string"},"consentRequired":{"type":"boolean"},"consentScreenText":{"type":"string"},"description":{"type":"string"},"directAccessGrantsEnabled":{"type":"boolean"},"displayOnConsentScreen":{"type":"boolean"},"enabled":{"type":"boolean"},"excludeIssuerFromAuthResponse":{"type":"boolean"},"excludeSessionStateFromAuthResponse":{"type":"boolean"},"extraConfig":{"additionalProperties":{"type":"string"},"type":"object"},"frontchannelLogoutEnabled":{"type":"boolean"},"frontchannelLogoutUrl":{"type":"string"},"fullScopeAllowed":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"implicitFlowEnabled":{"type":"boolean"},"loginTheme":{"type":"string"},"name":{"type":"string"},"oauth2DeviceAuthorizationGrantEnabled":{"type":"boolean"},"oauth2DeviceCodeLifespan":{"type":"string"},"oauth2DevicePollingInterval":{"type":"string"},"pkceCodeChallengeMethod":{"type":"string"},"realmId":{"type":"string"},"requireDpopBoundTokens":{"type":"boolean"},"resourceServerId":{"type":"string"},"rootUrl":{"type":"string"},"serviceAccountUserId":{"type":"string"},"serviceAccountsEnabled":{"type":"boolean"},"standardFlowEnabled":{"type":"boolean"},"standardTokenExchangeEnabled":{"type":"boolean"},"useRefreshTokens":{"type":"boolean"},"useRefreshTokensClientCredentials":{"type":"boolean"},"validPostLogoutRedirectUris":{"items":{"type":"string"},"type":"array"},"validRedirectUris":{"items":{"type":"string"},"type":"array"},"webOrigins":{"items":{"type":"string"},"type":"array"}},"required":["accessTokenLifespan","accessType","adminUrl","allowRefreshTokenInStandardTokenExchange","authenticationFlowBindingOverrides","authorizations","backchannelLogoutRevokeOfflineSessions","backchannelLogoutSessionRequired","backchannelLogoutUrl","baseUrl","clientAuthenticatorType","clientId","clientOfflineSessionIdleTimeout","clientOfflineSessionMaxLifespan","clientSecret","clientSessionIdleTimeout","clientSessionMaxLifespan","consentRequired","description","directAccessGrantsEnabled","enabled","excludeIssuerFromAuthResponse","excludeSessionStateFromAuthResponse","extraConfig","frontchannelLogoutEnabled","frontchannelLogoutUrl","fullScopeAllowed","implicitFlowEnabled","loginTheme","name","pkceCodeChallengeMethod","realmId","requireDpopBoundTokens","resourceServerId","rootUrl","serviceAccountUserId","serviceAccountsEnabled","standardFlowEnabled","standardTokenExchangeEnabled","useRefreshTokens","useRefreshTokensClientCredentials","validPostLogoutRedirectUris","validRedirectUris","webOrigins","id"],"type":"object"}},"keycloak:openid/getClientAuthorizationPolicy:getClientAuthorizationPolicy":{"description":"This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default\npermission for this client called \"Default Permission\". We'll use the \u003cspan pulumi-lang-nodejs=\"`keycloak.openid.getClientAuthorizationPolicy`\" pulumi-lang-dotnet=\"`keycloak.openid.getClientAuthorizationPolicy`\" pulumi-lang-go=\"`openid.getClientAuthorizationPolicy`\" pulumi-lang-python=\"`openid_get_client_authorization_policy`\" pulumi-lang-yaml=\"`keycloak.openid.getClientAuthorizationPolicy`\" pulumi-lang-java=\"`keycloak.openid.getClientAuthorizationPolicy`\"\u003e`keycloak.openid.getClientAuthorizationPolicy`\u003c/span\u003e data\nsource to fetch information about this permission, so we can use it to create a new resource-based authorization permission.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientWithAuthz = new keycloak.openid.Client(\"client_with_authz\", {\n clientId: \"client-with-authz\",\n name: \"client-with-authz\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst defaultPermission = keycloak.openid.getClientAuthorizationPolicyOutput({\n realmId: realm.id,\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"Default Permission\",\n});\nconst resource = new keycloak.openid.ClientAuthorizationResource(\"resource\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"authorization-resource\",\n realmId: realm.id,\n uris: [\"/endpoint/*\"],\n attributes: {\n foo: \"bar\",\n },\n});\nconst permission = new keycloak.openid.ClientAuthorizationPermission(\"permission\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n name: \"authorization-permission\",\n policies: [defaultPermission.apply(defaultPermission =\u003e defaultPermission.id)],\n resources: [resource.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_with_authz = keycloak.openid.Client(\"client_with_authz\",\n client_id=\"client-with-authz\",\n name=\"client-with-authz\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization={\n \"policy_enforcement_mode\": \"ENFORCING\",\n })\ndefault_permission = keycloak.openid.get_client_authorization_policy_output(realm_id=realm.id,\n resource_server_id=client_with_authz.resource_server_id,\n name=\"Default Permission\")\nresource = keycloak.openid.ClientAuthorizationResource(\"resource\",\n resource_server_id=client_with_authz.resource_server_id,\n name=\"authorization-resource\",\n realm_id=realm.id,\n uris=[\"/endpoint/*\"],\n attributes={\n \"foo\": \"bar\",\n })\npermission = keycloak.openid.ClientAuthorizationPermission(\"permission\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n name=\"authorization-permission\",\n policies=[default_permission.id],\n resources=[resource.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientWithAuthz = new Keycloak.OpenId.Client(\"client_with_authz\", new()\n {\n ClientId = \"client-with-authz\",\n Name = \"client-with-authz\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var defaultPermission = Keycloak.OpenId.GetClientAuthorizationPolicy.Invoke(new()\n {\n RealmId = realm.Id,\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"Default Permission\",\n });\n\n var resource = new Keycloak.OpenId.ClientAuthorizationResource(\"resource\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"authorization-resource\",\n RealmId = realm.Id,\n Uris = new[]\n {\n \"/endpoint/*\",\n },\n Attributes = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var permission = new Keycloak.OpenId.ClientAuthorizationPermission(\"permission\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Name = \"authorization-permission\",\n Policies = new[]\n {\n defaultPermission.Apply(getClientAuthorizationPolicyResult =\u003e getClientAuthorizationPolicyResult.Id),\n },\n Resources = new[]\n {\n resource.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientWithAuthz, err := openid.NewClient(ctx, \"client_with_authz\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client-with-authz\"),\n\t\t\tName: pulumi.String(\"client-with-authz\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultPermission := openid.GetClientAuthorizationPolicyOutput(ctx, openid.GetClientAuthorizationPolicyOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"Default Permission\"),\n\t\t}, nil)\n\t\tresource, err := openid.NewClientAuthorizationResource(ctx, \"resource\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"authorization-resource\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/endpoint/*\"),\n\t\t\t},\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationPermission(ctx, \"permission\", \u0026openid.ClientAuthorizationPermissionArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"authorization-permission\"),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\tpulumi.String(defaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) {\n\t\t\t\t\treturn \u0026defaultPermission.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tresource.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientAuthorizationPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermission;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientWithAuthz = new Client(\"clientWithAuthz\", ClientArgs.builder()\n .clientId(\"client-with-authz\")\n .name(\"client-with-authz\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n final var defaultPermission = OpenidFunctions.getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"Default Permission\")\n .build());\n\n var resource = new ClientAuthorizationResource(\"resource\", ClientAuthorizationResourceArgs.builder()\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"authorization-resource\")\n .realmId(realm.id())\n .uris(\"/endpoint/*\")\n .attributes(Map.of(\"foo\", \"bar\"))\n .build());\n\n var permission = new ClientAuthorizationPermission(\"permission\", ClientAuthorizationPermissionArgs.builder()\n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .name(\"authorization-permission\")\n .policies(defaultPermission.applyValue(_defaultPermission -\u003e _defaultPermission.id()))\n .resources(resource.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientWithAuthz:\n type: keycloak:openid:Client\n name: client_with_authz\n properties:\n clientId: client-with-authz\n name: client-with-authz\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n resource:\n type: keycloak:openid:ClientAuthorizationResource\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: authorization-resource\n realmId: ${realm.id}\n uris:\n - /endpoint/*\n attributes:\n foo: bar\n permission:\n type: keycloak:openid:ClientAuthorizationPermission\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n name: authorization-permission\n policies:\n - ${defaultPermission.id}\n resources:\n - ${resource.id}\nvariables:\n defaultPermission:\n fn::invoke:\n function: keycloak:openid:getClientAuthorizationPolicy\n arguments:\n realmId: ${realm.id}\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: Default Permission\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientAuthorizationPolicy.\n","properties":{"name":{"type":"string","description":"The name of the authorization policy.\n"},"realmId":{"type":"string","description":"The realm this authorization policy exists within.\n"},"resourceServerId":{"type":"string","description":"The ID of the resource server this authorization policy is attached to.\n"}},"type":"object","required":["name","realmId","resourceServerId"]},"outputs":{"description":"A collection of values returned by getClientAuthorizationPolicy.\n","properties":{"decisionStrategy":{"description":"(Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"logic":{"description":"(Computed) Dictates how the policy decision should be made. Can be either `POSITIVE` or `NEGATIVE`. Applies to policies.\n","type":"string"},"name":{"type":"string"},"owner":{"description":"(Computed) The ID of the owning resource. Applies to resources.\n","type":"string"},"policies":{"description":"(Computed) The IDs of the policies that must be applied to scopes/resources for this policy/permission. Applies to policies and permissions.\n","items":{"type":"string"},"type":"array"},"realmId":{"type":"string"},"resourceServerId":{"type":"string"},"resources":{"description":"(Computed) The IDs of the resources that this permission applies to. Applies to resource-based permissions.\n","items":{"type":"string"},"type":"array"},"scopes":{"description":"(Computed) The IDs of the scopes that this permission applies to. Applies to scope-based permissions.\n","items":{"type":"string"},"type":"array"},"type":{"description":"(Computed) The type of this policy / permission. For permissions, this could be \u003cspan pulumi-lang-nodejs=\"`resource`\" pulumi-lang-dotnet=\"`Resource`\" pulumi-lang-go=\"`resource`\" pulumi-lang-python=\"`resource`\" pulumi-lang-yaml=\"`resource`\" pulumi-lang-java=\"`resource`\"\u003e`resource`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`scope`\" pulumi-lang-dotnet=\"`Scope`\" pulumi-lang-go=\"`scope`\" pulumi-lang-python=\"`scope`\" pulumi-lang-yaml=\"`scope`\" pulumi-lang-java=\"`scope`\"\u003e`scope`\u003c/span\u003e. For policies, this could be any type of authorization policy, such as \u003cspan pulumi-lang-nodejs=\"`js`\" pulumi-lang-dotnet=\"`Js`\" pulumi-lang-go=\"`js`\" pulumi-lang-python=\"`js`\" pulumi-lang-yaml=\"`js`\" pulumi-lang-java=\"`js`\"\u003e`js`\u003c/span\u003e.\n","type":"string"}},"required":["decisionStrategy","logic","name","owner","policies","realmId","resourceServerId","resources","scopes","type","id"],"type":"object"}},"keycloak:openid/getClientScope:getClientScope":{"description":"This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: pulumi.String(offlineAccess.Id),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n // use the data source\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder()\n .realmId(offlineAccess.realmId())\n .clientScopeId(offlineAccess.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n name: audience-mapper\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n function: keycloak:openid:getClientScope\n arguments:\n realmId: my-realm\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientScope.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"name":{"type":"string","description":"The name of the client scope.\n"},"realmId":{"type":"string","description":"The realm id.\n"}},"type":"object","required":["name","realmId"]},"outputs":{"description":"A collection of values returned by getClientScope.\n","properties":{"consentScreenText":{"type":"string"},"description":{"type":"string"},"extraConfig":{"additionalProperties":{"type":"string"},"type":"object"},"guiOrder":{"type":"integer"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeInTokenScope":{"type":"boolean"},"name":{"type":"string"},"realmId":{"type":"string"}},"required":["consentScreenText","description","extraConfig","guiOrder","includeInTokenScope","name","realmId","id"],"type":"object"}},"keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser":{"description":"This data source can be used to fetch information about the service account user that is associated with an OpenID client\nthat has service accounts enabled.\n\n## Example Usage\n\nIn this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user\nthat represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this\nuser, using the \u003cspan pulumi-lang-nodejs=\"`keycloak.UserRoles`\" pulumi-lang-dotnet=\"`keycloak.UserRoles`\" pulumi-lang-go=\"`UserRoles`\" pulumi-lang-python=\"`UserRoles`\" pulumi-lang-yaml=\"`keycloak.UserRoles`\" pulumi-lang-java=\"`keycloak.UserRoles`\"\u003e`keycloak.UserRoles`\u003c/span\u003e resource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({\n realmId: realm.id,\n clientId: client.id,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst serviceAccountUserRoles = new keycloak.UserRoles(\"service_account_user_roles\", {\n realmId: realm.id,\n userId: serviceAccountUser.apply(serviceAccountUser =\u003e serviceAccountUser.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nservice_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,\n client_id=client.id)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\nservice_account_user_roles = keycloak.UserRoles(\"service_account_user_roles\",\n realm_id=realm.id,\n user_id=service_account_user.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var serviceAccountUserRoles = new Keycloak.UserRoles(\"service_account_user_roles\", new()\n {\n RealmId = realm.Id,\n UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult =\u003e getClientServiceAccountUserResult.Id),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t}, nil)\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewUserRoles(ctx, \"service_account_user_roles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: pulumi.String(serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {\n\t\t\t\treturn \u0026serviceAccountUser.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var serviceAccountUserRoles = new UserRoles(\"serviceAccountUserRoles\", UserRolesArgs.builder()\n .realmId(realm.id())\n .userId(serviceAccountUser.applyValue(_serviceAccountUser -\u003e _serviceAccountUser.id()))\n .roleIds(offlineAccess.applyValue(_offlineAccess -\u003e _offlineAccess.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n serviceAccountUserRoles:\n type: keycloak:UserRoles\n name: service_account_user_roles\n properties:\n realmId: ${realm.id}\n userId: ${serviceAccountUser.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n serviceAccountUser:\n fn::invoke:\n function: keycloak:openid:getClientServiceAccountUser\n arguments:\n realmId: ${realm.id}\n clientId: ${client.id}\n offlineAccess:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientServiceAccountUser.\n","properties":{"clientId":{"type":"string","description":"The ID of the OpenID client with service accounts enabled.\n"},"realmId":{"type":"string","description":"The realm that the OpenID client exists within.\n"}},"type":"object","required":["clientId","realmId"]},"outputs":{"description":"A collection of values returned by getClientServiceAccountUser.\n","properties":{"attributes":{"additionalProperties":{"type":"string"},"description":"(Computed) The service account user's attributes.\n","type":"object"},"clientId":{"type":"string"},"email":{"description":"(Computed) The service account user's email.\n","type":"string"},"emailVerified":{"type":"boolean"},"enabled":{"description":"(Computed) Whether the service account user is enabled.\n","type":"boolean"},"federatedIdentities":{"description":"(Computed) This attribute exists in order to adhere to the spec of a Keycloak user, but a service account user will never have a federated identity, so this will always be \u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e.\n","items":{"$ref":"#/types/keycloak:openid/getClientServiceAccountUserFederatedIdentity:getClientServiceAccountUserFederatedIdentity"},"type":"array"},"firstName":{"description":"(Computed) The service account user's first name.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"lastName":{"description":"(Computed) The service account user's last name.\n","type":"string"},"realmId":{"type":"string"},"requiredActions":{"items":{"type":"string"},"type":"array"},"username":{"description":"(Computed) The service account user's username.\n","type":"string"}},"required":["attributes","clientId","email","emailVerified","enabled","federatedIdentities","firstName","lastName","realmId","requiredActions","username","id"],"type":"object"}},"keycloak:saml/getClient:getClient":{"description":"This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.saml.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\n// use the data source\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.saml.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\n# use the data source\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.Saml.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n // use the data source\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := saml.LookupClient(ctx, \u0026saml.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n // use the data source\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.id())\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n function: keycloak:saml:getClient\n arguments:\n realmId: my-realm\n clientId: realm-management\n # use the data source\n admin:\n fn::invoke:\n function: keycloak:getRole\n arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClient.\n","properties":{"clientId":{"type":"string","description":"The client id (not its unique ID).\n"},"realmId":{"type":"string","description":"The realm id.\n"}},"type":"object","required":["clientId","realmId"]},"outputs":{"description":"A collection of values returned by getClient.\n","properties":{"alwaysDisplayInConsole":{"type":"boolean"},"assertionConsumerPostUrl":{"type":"string"},"assertionConsumerRedirectUrl":{"type":"string"},"authenticationFlowBindingOverrides":{"items":{"$ref":"#/types/keycloak:saml/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride"},"type":"array"},"baseUrl":{"type":"string"},"canonicalizationMethod":{"type":"string"},"clientId":{"type":"string"},"clientSignatureRequired":{"type":"boolean"},"consentRequired":{"type":"boolean"},"description":{"type":"string"},"enabled":{"type":"boolean"},"encryptAssertions":{"type":"boolean"},"encryptionAlgorithm":{"type":"string"},"encryptionCertificate":{"type":"string"},"encryptionCertificateSha1":{"type":"string"},"encryptionDigestMethod":{"type":"string"},"encryptionKeyAlgorithm":{"type":"string"},"encryptionMaskGenerationFunction":{"type":"string"},"extraConfig":{"additionalProperties":{"type":"string"},"type":"object"},"forceNameIdFormat":{"type":"boolean"},"forcePostBinding":{"type":"boolean"},"frontChannelLogout":{"type":"boolean"},"fullScopeAllowed":{"type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"idpInitiatedSsoRelayState":{"type":"string"},"idpInitiatedSsoUrlName":{"type":"string"},"includeAuthnStatement":{"type":"boolean"},"loginTheme":{"type":"string"},"logoutServicePostBindingUrl":{"type":"string"},"logoutServiceRedirectBindingUrl":{"type":"string"},"masterSamlProcessingUrl":{"type":"string"},"name":{"type":"string"},"nameIdFormat":{"type":"string"},"realmId":{"type":"string"},"rootUrl":{"type":"string"},"samlSignatureKeyName":{"type":"string"},"signAssertions":{"type":"boolean"},"signDocuments":{"type":"boolean"},"signatureAlgorithm":{"type":"string"},"signatureKeyName":{"type":"string"},"signingCertificate":{"type":"string"},"signingCertificateSha1":{"type":"string"},"signingPrivateKey":{"type":"string"},"signingPrivateKeySha1":{"type":"string"},"validRedirectUris":{"items":{"type":"string"},"type":"array"}},"required":["alwaysDisplayInConsole","assertionConsumerPostUrl","assertionConsumerRedirectUrl","authenticationFlowBindingOverrides","baseUrl","canonicalizationMethod","clientId","clientSignatureRequired","consentRequired","description","enabled","encryptAssertions","encryptionAlgorithm","encryptionCertificate","encryptionCertificateSha1","encryptionDigestMethod","encryptionKeyAlgorithm","encryptionMaskGenerationFunction","extraConfig","forceNameIdFormat","forcePostBinding","frontChannelLogout","fullScopeAllowed","idpInitiatedSsoRelayState","idpInitiatedSsoUrlName","includeAuthnStatement","loginTheme","logoutServicePostBindingUrl","logoutServiceRedirectBindingUrl","masterSamlProcessingUrl","name","nameIdFormat","realmId","rootUrl","samlSignatureKeyName","signAssertions","signDocuments","signatureAlgorithm","signatureKeyName","signingCertificate","signingCertificateSha1","signingPrivateKey","signingPrivateKeySha1","validRedirectUris","id"],"type":"object"}},"keycloak:saml/getClientInstallationProvider:getClientInstallationProvider":{"description":"This data source can be used to retrieve Installation Provider of a SAML Client.\n\n## Example Usage\n\nIn the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as keycloak from \"@pulumi/keycloak\";\nimport * as std from \"@pulumi/std\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"test-saml-client\",\n name: \"test-saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: std.index.file({\n input: \"saml-cert.pem\",\n }).result,\n signingPrivateKey: std.index.file({\n input: \"saml-key.pem\",\n }).result,\n});\nconst samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({\n realmId: realm.id,\n clientId: samlClient.id,\n providerId: \"saml-idp-descriptor\",\n});\nconst _default = new aws.index.IamSamlProvider(\"default\", {\n name: \"myprovider\",\n samlMetadataDocument: samlIdpDescriptor.value,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_keycloak as keycloak\nimport pulumi_std as std\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"test-saml-client\",\n name=\"test-saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=std.index.file(input=\"saml-cert.pem\")[\"result\"],\n signing_private_key=std.index.file(input=\"saml-key.pem\")[\"result\"])\nsaml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,\n client_id=saml_client.id,\n provider_id=\"saml-idp-descriptor\")\ndefault = aws.index.IamSamlProvider(\"default\",\n name=myprovider,\n saml_metadata_document=saml_idp_descriptor.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Keycloak = Pulumi.Keycloak;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-saml-client\",\n Name = \"test-saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = Std.Index.File.Invoke(new()\n {\n Input = \"saml-cert.pem\",\n }).Result,\n SigningPrivateKey = Std.Index.File.Invoke(new()\n {\n Input = \"saml-key.pem\",\n }).Result,\n });\n\n var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n ProviderId = \"saml-idp-descriptor\",\n });\n\n var @default = new Aws.Index.IamSamlProvider(\"default\", new()\n {\n Name = \"myprovider\",\n SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult =\u003e getClientInstallationProviderResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v7/go/aws\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, map[string]interface{}{\n\t\t\t\"input\": \"saml-key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tName: pulumi.String(\"test-saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: invokeFile.Result,\n\t\t\tSigningPrivateKey: invokeFile1.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProviderId: pulumi.String(\"saml-idp-descriptor\"),\n\t\t}, nil)\n\t\t_, err = aws.NewIamSamlProvider(ctx, \"default\", \u0026aws.IamSamlProviderArgs{\n\t\t\tName: \"myprovider\",\n\t\t\tSamlMetadataDocument: samlIdpDescriptor.Value,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;\nimport com.pulumi.aws.IamSamlProvider;\nimport com.pulumi.aws.IamSamlProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder()\n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"test-saml-client\")\n .name(\"test-saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(StdFunctions.file(Map.of(\"input\", \"saml-cert.pem\")).result())\n .signingPrivateKey(StdFunctions.file(Map.of(\"input\", \"saml-key.pem\")).result())\n .build());\n\n final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .providerId(\"saml-idp-descriptor\")\n .build());\n\n var default_ = new IamSamlProvider(\"default\", IamSamlProviderArgs.builder()\n .name(\"myprovider\")\n .samlMetadataDocument(samlIdpDescriptor.value())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: test-saml-client\n name: test-saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-cert.pem\n return: result\n signingPrivateKey:\n fn::invoke:\n function: std:file\n arguments:\n input: saml-key.pem\n return: result\n default:\n type: aws:IamSamlProvider\n properties:\n name: myprovider\n samlMetadataDocument: ${samlIdpDescriptor.value}\nvariables:\n samlIdpDescriptor:\n fn::invoke:\n function: keycloak:saml:getClientInstallationProvider\n arguments:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n providerId: saml-idp-descriptor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientInstallationProvider.\n","properties":{"clientId":{"type":"string","description":"The ID of the SAML client. The \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e attribute of a \u003cspan pulumi-lang-nodejs=\"`keycloakClient`\" pulumi-lang-dotnet=\"`KeycloakClient`\" pulumi-lang-go=\"`keycloakClient`\" pulumi-lang-python=\"`keycloak_client`\" pulumi-lang-yaml=\"`keycloakClient`\" pulumi-lang-java=\"`keycloakClient`\"\u003e`keycloak_client`\u003c/span\u003e resource should be used here.\n"},"providerId":{"type":"string","description":"The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc.\n"},"realmId":{"type":"string","description":"The realm that the SAML client exists within.\n"}},"type":"object","required":["clientId","providerId","realmId"]},"outputs":{"description":"A collection of values returned by getClientInstallationProvider.\n","properties":{"clientId":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"providerId":{"type":"string"},"realmId":{"type":"string"},"value":{"description":"(Computed) The returned document needed for SAML installation.\n","type":"string"}},"required":["clientId","providerId","realmId","value","id"],"type":"object"}},"keycloak:saml/getClientScope:getClientScope":{"description":"This data source can be used to fetch properties of a Keycloak SAML client scope for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst mysamlscope = keycloak.saml.getClientScope({\n realmId: \"my-realm\",\n name: \"mysamlscope\",\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: \"my-realm\",\n clientId: \"saml-client\",\n});\n// use the data source\nconst _default = new keycloak.saml.ClientDefaultScope(\"default\", {\n realmId: \"my-realm\",\n clientId: samlClient.id,\n defaultScopes: [mysamlscope.then(mysamlscope =\u003e mysamlscope.name)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmysamlscope = keycloak.saml.get_client_scope(realm_id=\"my-realm\",\n name=\"mysamlscope\")\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=\"my-realm\",\n client_id=\"saml-client\")\n# use the data source\ndefault = keycloak.saml.ClientDefaultScope(\"default\",\n realm_id=\"my-realm\",\n client_id=saml_client.id,\n default_scopes=[mysamlscope.name])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mysamlscope = Keycloak.Saml.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"mysamlscope\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = \"my-realm\",\n ClientId = \"saml-client\",\n });\n\n // use the data source\n var @default = new Keycloak.Saml.ClientDefaultScope(\"default\", new()\n {\n RealmId = \"my-realm\",\n ClientId = samlClient.Id,\n DefaultScopes = new[]\n {\n mysamlscope.Apply(getClientScopeResult =\u003e getClientScopeResult.Name),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmysamlscope, err := saml.LookupClientScope(ctx, \u0026saml.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"mysamlscope\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: pulumi.String(\"my-realm\"),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = saml.NewClientDefaultScope(ctx, \"default\", \u0026saml.ClientDefaultScopeArgs{\n\t\t\tRealmId: pulumi.String(\"my-realm\"),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(mysamlscope.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ClientDefaultScope;\nimport com.pulumi.keycloak.saml.ClientDefaultScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var mysamlscope = SamlFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"mysamlscope\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"saml-client\")\n .build());\n\n // use the data source\n var default_ = new ClientDefaultScope(\"default\", ClientDefaultScopeArgs.builder()\n .realmId(\"my-realm\")\n .clientId(samlClient.id())\n .defaultScopes(mysamlscope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: my-realm\n clientId: saml-client\n # use the data source\n default:\n type: keycloak:saml:ClientDefaultScope\n properties:\n realmId: my-realm\n clientId: ${samlClient.id}\n defaultScopes:\n - ${mysamlscope.name}\nvariables:\n mysamlscope:\n fn::invoke:\n function: keycloak:saml:getClientScope\n arguments:\n realmId: my-realm\n name: mysamlscope\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getClientScope.\n","properties":{"extraConfig":{"type":"object","additionalProperties":{"type":"string"}},"name":{"type":"string","description":"The name of the client scope.\n"},"realmId":{"type":"string","description":"The realm id.\n"}},"type":"object","required":["name","realmId"]},"outputs":{"description":"A collection of values returned by getClientScope.\n","properties":{"consentScreenText":{"type":"string"},"description":{"type":"string"},"extraConfig":{"additionalProperties":{"type":"string"},"type":"object"},"guiOrder":{"type":"integer"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"name":{"type":"string"},"realmId":{"type":"string"}},"required":["consentScreenText","description","extraConfig","guiOrder","name","realmId","id"],"type":"object"}},"pulumi:providers:keycloak/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:keycloak/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}}}}