com.pulumi.aws.verifiedpermissions.kotlin.IdentitySource.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.verifiedpermissions.kotlin
import com.pulumi.aws.verifiedpermissions.kotlin.outputs.IdentitySourceConfiguration
import com.pulumi.aws.verifiedpermissions.kotlin.outputs.IdentitySourceConfiguration.Companion.toKotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [IdentitySource].
*/
@PulumiTagMarker
public class IdentitySourceResourceBuilder internal constructor() {
public var name: String? = null
public var args: IdentitySourceArgs = IdentitySourceArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend IdentitySourceArgsBuilder.() -> Unit) {
val builder = IdentitySourceArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): IdentitySource {
val builtJavaResource =
com.pulumi.aws.verifiedpermissions.IdentitySource(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return IdentitySource(builtJavaResource)
}
}
/**
* Resource for managing an AWS Verified Permissions Identity Source.
* ## Example Usage
* ### Cognito User Pool Configuration Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.verifiedpermissions.PolicyStore("example", {validationSettings: {
* mode: "STRICT",
* }});
* const exampleUserPool = new aws.cognito.UserPool("example", {name: "example"});
* const exampleUserPoolClient = new aws.cognito.UserPoolClient("example", {
* name: "example",
* userPoolId: exampleUserPool.id,
* explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
* });
* const exampleIdentitySource = new aws.verifiedpermissions.IdentitySource("example", {
* policyStoreId: example.id,
* configuration: {
* cognitoUserPoolConfiguration: {
* userPoolArn: exampleUserPool.arn,
* clientIds: [exampleUserPoolClient.id],
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.verifiedpermissions.PolicyStore("example", validation_settings={
* "mode": "STRICT",
* })
* example_user_pool = aws.cognito.UserPool("example", name="example")
* example_user_pool_client = aws.cognito.UserPoolClient("example",
* name="example",
* user_pool_id=example_user_pool.id,
* explicit_auth_flows=["ADMIN_NO_SRP_AUTH"])
* example_identity_source = aws.verifiedpermissions.IdentitySource("example",
* policy_store_id=example.id,
* configuration={
* "cognito_user_pool_configuration": {
* "user_pool_arn": example_user_pool.arn,
* "client_ids": [example_user_pool_client.id],
* },
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.VerifiedPermissions.PolicyStore("example", new()
* {
* ValidationSettings = new Aws.VerifiedPermissions.Inputs.PolicyStoreValidationSettingsArgs
* {
* Mode = "STRICT",
* },
* });
* var exampleUserPool = new Aws.Cognito.UserPool("example", new()
* {
* Name = "example",
* });
* var exampleUserPoolClient = new Aws.Cognito.UserPoolClient("example", new()
* {
* Name = "example",
* UserPoolId = exampleUserPool.Id,
* ExplicitAuthFlows = new[]
* {
* "ADMIN_NO_SRP_AUTH",
* },
* });
* var exampleIdentitySource = new Aws.VerifiedPermissions.IdentitySource("example", new()
* {
* PolicyStoreId = example.Id,
* Configuration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationArgs
* {
* CognitoUserPoolConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs
* {
* UserPoolArn = exampleUserPool.Arn,
* ClientIds = new[]
* {
* exampleUserPoolClient.Id,
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedpermissions"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := verifiedpermissions.NewPolicyStore(ctx, "example", &verifiedpermissions.PolicyStoreArgs{
* ValidationSettings: &verifiedpermissions.PolicyStoreValidationSettingsArgs{
* Mode: pulumi.String("STRICT"),
* },
* })
* if err != nil {
* return err
* }
* exampleUserPool, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
* Name: pulumi.String("example"),
* })
* if err != nil {
* return err
* }
* exampleUserPoolClient, err := cognito.NewUserPoolClient(ctx, "example", &cognito.UserPoolClientArgs{
* Name: pulumi.String("example"),
* UserPoolId: exampleUserPool.ID(),
* ExplicitAuthFlows: pulumi.StringArray{
* pulumi.String("ADMIN_NO_SRP_AUTH"),
* },
* })
* if err != nil {
* return err
* }
* _, err = verifiedpermissions.NewIdentitySource(ctx, "example", &verifiedpermissions.IdentitySourceArgs{
* PolicyStoreId: example.ID(),
* Configuration: &verifiedpermissions.IdentitySourceConfigurationArgs{
* CognitoUserPoolConfiguration: &verifiedpermissions.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs{
* UserPoolArn: exampleUserPool.Arn,
* ClientIds: pulumi.StringArray{
* exampleUserPoolClient.ID(),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.verifiedpermissions.PolicyStore;
* import com.pulumi.aws.verifiedpermissions.PolicyStoreArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.PolicyStoreValidationSettingsArgs;
* import com.pulumi.aws.cognito.UserPool;
* import com.pulumi.aws.cognito.UserPoolArgs;
* import com.pulumi.aws.cognito.UserPoolClient;
* import com.pulumi.aws.cognito.UserPoolClientArgs;
* import com.pulumi.aws.verifiedpermissions.IdentitySource;
* import com.pulumi.aws.verifiedpermissions.IdentitySourceArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationCognitoUserPoolConfigurationArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new PolicyStore("example", PolicyStoreArgs.builder()
* .validationSettings(PolicyStoreValidationSettingsArgs.builder()
* .mode("STRICT")
* .build())
* .build());
* var exampleUserPool = new UserPool("exampleUserPool", UserPoolArgs.builder()
* .name("example")
* .build());
* var exampleUserPoolClient = new UserPoolClient("exampleUserPoolClient", UserPoolClientArgs.builder()
* .name("example")
* .userPoolId(exampleUserPool.id())
* .explicitAuthFlows("ADMIN_NO_SRP_AUTH")
* .build());
* var exampleIdentitySource = new IdentitySource("exampleIdentitySource", IdentitySourceArgs.builder()
* .policyStoreId(example.id())
* .configuration(IdentitySourceConfigurationArgs.builder()
* .cognitoUserPoolConfiguration(IdentitySourceConfigurationCognitoUserPoolConfigurationArgs.builder()
* .userPoolArn(exampleUserPool.arn())
* .clientIds(exampleUserPoolClient.id())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:verifiedpermissions:PolicyStore
* properties:
* validationSettings:
* mode: STRICT
* exampleUserPool:
* type: aws:cognito:UserPool
* name: example
* properties:
* name: example
* exampleUserPoolClient:
* type: aws:cognito:UserPoolClient
* name: example
* properties:
* name: example
* userPoolId: ${exampleUserPool.id}
* explicitAuthFlows:
* - ADMIN_NO_SRP_AUTH
* exampleIdentitySource:
* type: aws:verifiedpermissions:IdentitySource
* name: example
* properties:
* policyStoreId: ${example.id}
* configuration:
* cognitoUserPoolConfiguration:
* userPoolArn: ${exampleUserPool.arn}
* clientIds:
* - ${exampleUserPoolClient.id}
* ```
*
* ### OpenID Connect Configuration Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.verifiedpermissions.PolicyStore("example", {validationSettings: {
* mode: "STRICT",
* }});
* const exampleIdentitySource = new aws.verifiedpermissions.IdentitySource("example", {
* policyStoreId: example.id,
* configuration: {
* openIdConnectConfiguration: {
* issuer: "https://auth.example.com",
* tokenSelection: {
* accessTokenOnly: {
* audiences: ["https://myapp.example.com"],
* principalIdClaim: "sub",
* },
* },
* entityIdPrefix: "MyOIDCProvider",
* groupConfiguration: {
* groupClaim: "groups",
* groupEntityType: "MyCorp::UserGroup",
* },
* },
* },
* principalEntityType: "MyCorp::User",
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.verifiedpermissions.PolicyStore("example", validation_settings={
* "mode": "STRICT",
* })
* example_identity_source = aws.verifiedpermissions.IdentitySource("example",
* policy_store_id=example.id,
* configuration={
* "open_id_connect_configuration": {
* "issuer": "https://auth.example.com",
* "token_selection": {
* "access_token_only": {
* "audiences": ["https://myapp.example.com"],
* "principal_id_claim": "sub",
* },
* },
* "entity_id_prefix": "MyOIDCProvider",
* "group_configuration": {
* "group_claim": "groups",
* "group_entity_type": "MyCorp::UserGroup",
* },
* },
* },
* principal_entity_type="MyCorp::User")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.VerifiedPermissions.PolicyStore("example", new()
* {
* ValidationSettings = new Aws.VerifiedPermissions.Inputs.PolicyStoreValidationSettingsArgs
* {
* Mode = "STRICT",
* },
* });
* var exampleIdentitySource = new Aws.VerifiedPermissions.IdentitySource("example", new()
* {
* PolicyStoreId = example.Id,
* Configuration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationArgs
* {
* OpenIdConnectConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationArgs
* {
* Issuer = "https://auth.example.com",
* TokenSelection = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs
* {
* AccessTokenOnly = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs
* {
* Audiences = new[]
* {
* "https://myapp.example.com",
* },
* PrincipalIdClaim = "sub",
* },
* },
* EntityIdPrefix = "MyOIDCProvider",
* GroupConfiguration = new Aws.VerifiedPermissions.Inputs.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs
* {
* GroupClaim = "groups",
* GroupEntityType = "MyCorp::UserGroup",
* },
* },
* },
* PrincipalEntityType = "MyCorp::User",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedpermissions"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := verifiedpermissions.NewPolicyStore(ctx, "example", &verifiedpermissions.PolicyStoreArgs{
* ValidationSettings: &verifiedpermissions.PolicyStoreValidationSettingsArgs{
* Mode: pulumi.String("STRICT"),
* },
* })
* if err != nil {
* return err
* }
* _, err = verifiedpermissions.NewIdentitySource(ctx, "example", &verifiedpermissions.IdentitySourceArgs{
* PolicyStoreId: example.ID(),
* Configuration: &verifiedpermissions.IdentitySourceConfigurationArgs{
* OpenIdConnectConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationArgs{
* Issuer: pulumi.String("https://auth.example.com"),
* TokenSelection: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs{
* AccessTokenOnly: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs{
* Audiences: pulumi.StringArray{
* pulumi.String("https://myapp.example.com"),
* },
* PrincipalIdClaim: pulumi.String("sub"),
* },
* },
* EntityIdPrefix: pulumi.String("MyOIDCProvider"),
* GroupConfiguration: &verifiedpermissions.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs{
* GroupClaim: pulumi.String("groups"),
* GroupEntityType: pulumi.String("MyCorp::UserGroup"),
* },
* },
* },
* PrincipalEntityType: pulumi.String("MyCorp::User"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.verifiedpermissions.PolicyStore;
* import com.pulumi.aws.verifiedpermissions.PolicyStoreArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.PolicyStoreValidationSettingsArgs;
* import com.pulumi.aws.verifiedpermissions.IdentitySource;
* import com.pulumi.aws.verifiedpermissions.IdentitySourceArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs;
* import com.pulumi.aws.verifiedpermissions.inputs.IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new PolicyStore("example", PolicyStoreArgs.builder()
* .validationSettings(PolicyStoreValidationSettingsArgs.builder()
* .mode("STRICT")
* .build())
* .build());
* var exampleIdentitySource = new IdentitySource("exampleIdentitySource", IdentitySourceArgs.builder()
* .policyStoreId(example.id())
* .configuration(IdentitySourceConfigurationArgs.builder()
* .openIdConnectConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationArgs.builder()
* .issuer("https://auth.example.com")
* .tokenSelection(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionArgs.builder()
* .accessTokenOnly(IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnlyArgs.builder()
* .audiences("https://myapp.example.com")
* .principalIdClaim("sub")
* .build())
* .build())
* .entityIdPrefix("MyOIDCProvider")
* .groupConfiguration(IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfigurationArgs.builder()
* .groupClaim("groups")
* .groupEntityType("MyCorp::UserGroup")
* .build())
* .build())
* .build())
* .principalEntityType("MyCorp::User")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:verifiedpermissions:PolicyStore
* properties:
* validationSettings:
* mode: STRICT
* exampleIdentitySource:
* type: aws:verifiedpermissions:IdentitySource
* name: example
* properties:
* policyStoreId: ${example.id}
* configuration:
* openIdConnectConfiguration:
* issuer: https://auth.example.com
* tokenSelection:
* accessTokenOnly:
* audiences:
* - https://myapp.example.com
* principalIdClaim: sub
* entityIdPrefix: MyOIDCProvider
* groupConfiguration:
* groupClaim: groups
* groupEntityType: MyCorp::UserGroup
* principalEntityType: MyCorp::User
* ```
*
* ## Import
* Using `pulumi import`, import Verified Permissions Identity Source using the `policy_store_id:identity_source_id`. For example:
* ```sh
* $ pulumi import aws:verifiedpermissions/identitySource:IdentitySource example policy-store-id-12345678:identity-source-id-12345678
* ```
*/
public class IdentitySource internal constructor(
override val javaResource: com.pulumi.aws.verifiedpermissions.IdentitySource,
) : KotlinCustomResource(javaResource, IdentitySourceMapper) {
/**
* Specifies the details required to communicate with the identity provider (IdP) associated with this identity source. See Configuration below.
*/
public val configuration: Output?
get() = javaResource.configuration().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> toKotlin(args0) })
}).orElse(null)
})
/**
* Specifies the ID of the policy store in which you want to store this identity source.
*/
public val policyStoreId: Output
get() = javaResource.policyStoreId().applyValue({ args0 -> args0 })
/**
* Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
*/
public val principalEntityType: Output
get() = javaResource.principalEntityType().applyValue({ args0 -> args0 })
}
public object IdentitySourceMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.aws.verifiedpermissions.IdentitySource::class == javaResource::class
override fun map(javaResource: Resource): IdentitySource = IdentitySource(
javaResource as
com.pulumi.aws.verifiedpermissions.IdentitySource,
)
}
/**
* @see [IdentitySource].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [IdentitySource].
*/
public suspend fun identitySource(
name: String,
block: suspend IdentitySourceResourceBuilder.() -> Unit,
): IdentitySource {
val builder = IdentitySourceResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [IdentitySource].
* @param name The _unique_ name of the resulting resource.
*/
public fun identitySource(name: String): IdentitySource {
val builder = IdentitySourceResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy