Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
keycloak.getRole
Explore with Pulumi AI
This data source can be used to fetch properties of a Keycloak role for
usage with other resources, such as keycloak.GroupRoles.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const offlineAccess = keycloak.getRoleOutput({
    realmId: realm.id,
    name: "offline_access",
});
// use the data source
const group = new keycloak.Group("group", {
    realmId: realm.id,
    name: "group",
});
const groupRoles = new keycloak.GroupRoles("group_roles", {
    realmId: realm.id,
    groupId: group.id,
    roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)],
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
offline_access = keycloak.get_role_output(realm_id=realm.id,
    name="offline_access")
# use the data source
group = keycloak.Group("group",
    realm_id=realm.id,
    name="group")
group_roles = keycloak.GroupRoles("group_roles",
    realm_id=realm.id,
    group_id=group.id,
    role_ids=[offline_access.id])
package main
import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("offline_access"),
		}, nil)
		// use the data source
		group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("group"),
		})
		if err != nil {
			return err
		}
		_, err = keycloak.NewGroupRoles(ctx, "group_roles", &keycloak.GroupRolesArgs{
			RealmId: realm.ID(),
			GroupId: group.ID(),
			RoleIds: pulumi.StringArray{
				pulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {
					return &offlineAccess.Id, nil
				}).(pulumi.StringPtrOutput)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() => 
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    var offlineAccess = Keycloak.GetRole.Invoke(new()
    {
        RealmId = realm.Id,
        Name = "offline_access",
    });
    // use the data source
    var @group = new Keycloak.Group("group", new()
    {
        RealmId = realm.Id,
        Name = "group",
    });
    var groupRoles = new Keycloak.GroupRoles("group_roles", new()
    {
        RealmId = realm.Id,
        GroupId = @group.Id,
        RoleIds = new[]
        {
            offlineAccess.Apply(getRoleResult => getRoleResult.Id),
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.Group;
import com.pulumi.keycloak.GroupArgs;
import com.pulumi.keycloak.GroupRoles;
import com.pulumi.keycloak.GroupRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId(realm.id())
            .name("offline_access")
            .build());
        // use the data source
        var group = new Group("group", GroupArgs.builder()
            .realmId(realm.id())
            .name("group")
            .build());
        var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder()
            .realmId(realm.id())
            .groupId(group.id())
            .roleIds(offlineAccess.applyValue(_offlineAccess -> _offlineAccess.id()))
            .build());
    }
}
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # use the data source
  group:
    type: keycloak:Group
    properties:
      realmId: ${realm.id}
      name: group
  groupRoles:
    type: keycloak:GroupRoles
    name: group_roles
    properties:
      realmId: ${realm.id}
      groupId: ${group.id}
      roleIds:
        - ${offlineAccess.id}
variables:
  offlineAccess:
    fn::invoke:
      function: keycloak:getRole
      arguments:
        realmId: ${realm.id}
        name: offline_access
Using getRole
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRole(args: GetRoleArgs, opts?: InvokeOptions): Promise<GetRoleResult>
function getRoleOutput(args: GetRoleOutputArgs, opts?: InvokeOptions): Output<GetRoleResult>def get_role(client_id: Optional[str] = None,
             name: Optional[str] = None,
             realm_id: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetRoleResult
def get_role_output(client_id: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             realm_id: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetRoleResult]func LookupRole(ctx *Context, args *LookupRoleArgs, opts ...InvokeOption) (*LookupRoleResult, error)
func LookupRoleOutput(ctx *Context, args *LookupRoleOutputArgs, opts ...InvokeOption) LookupRoleResultOutput> Note: This function is named LookupRole in the Go SDK.
public static class GetRole 
{
    public static Task<GetRoleResult> InvokeAsync(GetRoleArgs args, InvokeOptions? opts = null)
    public static Output<GetRoleResult> Invoke(GetRoleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRoleResult> getRole(GetRoleArgs args, InvokeOptions options)
public static Output<GetRoleResult> getRole(GetRoleArgs args, InvokeOptions options)
fn::invoke:
  function: keycloak:index/getRole:getRole
  arguments:
    # arguments dictionaryThe following arguments are supported:
getRole Result
The following output properties are available:
- Attributes Dictionary<string, string>
- CompositeRoles List<string>
- Description string
- (Computed) The description of the role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- RealmId string
- ClientId string
- Attributes map[string]string
- CompositeRoles []string
- Description string
- (Computed) The description of the role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- RealmId string
- ClientId string
- attributes Map<String,String>
- compositeRoles List<String>
- description String
- (Computed) The description of the role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- realmId String
- clientId String
- attributes {[key: string]: string}
- compositeRoles string[]
- description string
- (Computed) The description of the role.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- realmId string
- clientId string
- attributes Mapping[str, str]
- composite_roles Sequence[str]
- description str
- (Computed) The description of the role.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- realm_id str
- client_id str
- attributes Map<String>
- compositeRoles List<String>
- description String
- (Computed) The description of the role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- realmId String
- clientId String
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the keycloakTerraform Provider.