
com.pulumi.vault.identity.kotlin.OidcProvider.kt Maven / Gradle / Ivy


Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 6.4.0.0
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.vault.identity.kotlin

import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * Builder for [OidcProvider].
 *
 * Holds the resource name, its arguments and its resource options until [build] hands them to the
 * Java SDK constructor. The constructor is `internal`, so instances are created inside this module.
 */
@PulumiTagMarker
public class OidcProviderResourceBuilder internal constructor() {
    // Stays null until name(value) is called; build() passes it on unchanged.
    public var name: String? = null

    public var args: OidcProviderArgs = OidcProviderArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param value The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        name = value
    }

    /**
     * Runs [block] against a fresh [OidcProviderArgsBuilder] and stores the built arguments,
     * replacing whatever [args] held before.
     *
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend OidcProviderArgsBuilder.() -> Unit) {
        val argsBuilder = OidcProviderArgsBuilder()
        argsBuilder.block()
        args = argsBuilder.build()
    }

    /**
     * Builds the resource options from [block] and stores them in [opts].
     *
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        opts = CustomResourceOptions.opts(block)
    }

    /**
     * Constructs the Java SDK resource from the collected name, arguments and options and wraps
     * it in the Kotlin [OidcProvider].
     */
    internal fun build(): OidcProvider =
        OidcProvider(
            com.pulumi.vault.identity.OidcProvider(
                name,
                args.toJava(),
                opts.toJava(),
            ),
        )
}

/**
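 * Manages OIDC Providers in a Vault server. See the [Vault documentation](https://www.vaultproject.io/api-docs/secret/identity/oidc-provider#create-or-update-an-assignment)
 * for more information.
 *
 * The example below is a local-development setup: it sets `httpsEnabled` to false, registers
 * plain-`http` loopback redirect URIs and lets every client use the key (`allowedClientIds: ["*"]`).
 * For a provider that real clients reach, serve the issuer over HTTPS and list the permitted
 * client IDs explicitly.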
 * ## Example Usage
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as vault from "@pulumi/vault";
 * const test = new vault.identity.OidcKey("test", {
 *     name: "my-key",
 *     allowedClientIds: ["*"],
 *     rotationPeriod: 3600,
 *     verificationTtl: 3600,
 * });
 * const testOidcAssignment = new vault.identity.OidcAssignment("test", {
 *     name: "my-assignment",
 *     entityIds: ["fake-ascbascas-2231a-sdfaa"],
 *     groupIds: ["fake-sajkdsad-32414-sfsada"],
 * });
 * const testOidcClient = new vault.identity.OidcClient("test", {
 *     name: "application",
 *     key: test.name,
 *     redirectUris: [
 *         "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
 *         "http://127.0.0.1:8251/callback",
 *         "http://127.0.0.1:8080/callback",
 *     ],
 *     assignments: [testOidcAssignment.name],
 *     idTokenTtl: 2400,
 *     accessTokenTtl: 7200,
 * });
 * const testOidcScope = new vault.identity.OidcScope("test", {
 *     name: "groups",
 *     template: JSON.stringify({
 *         groups: "{{identity.entity.groups.names}}",
 *     }),
 *     description: "Groups scope.",
 * });
 * const testOidcProvider = new vault.identity.OidcProvider("test", {
 *     name: "my-provider",
 *     httpsEnabled: false,
 *     issuerHost: "127.0.0.1:8200",
 *     allowedClientIds: [testOidcClient.clientId],
 *     scopesSupporteds: [testOidcScope.name],
 * });
 * ```
 * ```python
 * import pulumi
 * import json
 * import pulumi_vault as vault
 * test = vault.identity.OidcKey("test",
 *     name="my-key",
 *     allowed_client_ids=["*"],
 *     rotation_period=3600,
 *     verification_ttl=3600)
 * test_oidc_assignment = vault.identity.OidcAssignment("test",
 *     name="my-assignment",
 *     entity_ids=["fake-ascbascas-2231a-sdfaa"],
 *     group_ids=["fake-sajkdsad-32414-sfsada"])
 * test_oidc_client = vault.identity.OidcClient("test",
 *     name="application",
 *     key=test.name,
 *     redirect_uris=[
 *         "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
 *         "http://127.0.0.1:8251/callback",
 *         "http://127.0.0.1:8080/callback",
 *     ],
 *     assignments=[test_oidc_assignment.name],
 *     id_token_ttl=2400,
 *     access_token_ttl=7200)
 * test_oidc_scope = vault.identity.OidcScope("test",
 *     name="groups",
 *     template=json.dumps({
 *         "groups": "{{identity.entity.groups.names}}",
 *     }),
 *     description="Groups scope.")
 * test_oidc_provider = vault.identity.OidcProvider("test",
 *     name="my-provider",
 *     https_enabled=False,
 *     issuer_host="127.0.0.1:8200",
 *     allowed_client_ids=[test_oidc_client.client_id],
 *     scopes_supporteds=[test_oidc_scope.name])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using System.Text.Json;
 * using Pulumi;
 * using Vault = Pulumi.Vault;
 * return await Deployment.RunAsync(() =>
 * {
 *     var test = new Vault.Identity.OidcKey("test", new()
 *     {
 *         Name = "my-key",
 *         AllowedClientIds = new[]
 *         {
 *             "*",
 *         },
 *         RotationPeriod = 3600,
 *         VerificationTtl = 3600,
 *     });
 *     var testOidcAssignment = new Vault.Identity.OidcAssignment("test", new()
 *     {
 *         Name = "my-assignment",
 *         EntityIds = new[]
 *         {
 *             "fake-ascbascas-2231a-sdfaa",
 *         },
 *         GroupIds = new[]
 *         {
 *             "fake-sajkdsad-32414-sfsada",
 *         },
 *     });
 *     var testOidcClient = new Vault.Identity.OidcClient("test", new()
 *     {
 *         Name = "application",
 *         Key = test.Name,
 *         RedirectUris = new[]
 *         {
 *             "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
 *             "http://127.0.0.1:8251/callback",
 *             "http://127.0.0.1:8080/callback",
 *         },
 *         Assignments = new[]
 *         {
 *             testOidcAssignment.Name,
 *         },
 *         IdTokenTtl = 2400,
 *         AccessTokenTtl = 7200,
 *     });
 *     var testOidcScope = new Vault.Identity.OidcScope("test", new()
 *     {
 *         Name = "groups",
 *         Template = JsonSerializer.Serialize(new Dictionary<string, object?>
 *         {
 *             ["groups"] = "{{identity.entity.groups.names}}",
 *         }),
 *         Description = "Groups scope.",
 *     });
 *     var testOidcProvider = new Vault.Identity.OidcProvider("test", new()
 *     {
 *         Name = "my-provider",
 *         HttpsEnabled = false,
 *         IssuerHost = "127.0.0.1:8200",
 *         AllowedClientIds = new[]
 *         {
 *             testOidcClient.ClientId,
 *         },
 *         ScopesSupporteds = new[]
 *         {
 *             testOidcScope.Name,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"encoding/json"
 * 	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		test, err := identity.NewOidcKey(ctx, "test", &identity.OidcKeyArgs{
 * 			Name: pulumi.String("my-key"),
 * 			AllowedClientIds: pulumi.StringArray{
 * 				pulumi.String("*"),
 * 			},
 * 			RotationPeriod:  pulumi.Int(3600),
 * 			VerificationTtl: pulumi.Int(3600),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		testOidcAssignment, err := identity.NewOidcAssignment(ctx, "test", &identity.OidcAssignmentArgs{
 * 			Name: pulumi.String("my-assignment"),
 * 			EntityIds: pulumi.StringArray{
 * 				pulumi.String("fake-ascbascas-2231a-sdfaa"),
 * 			},
 * 			GroupIds: pulumi.StringArray{
 * 				pulumi.String("fake-sajkdsad-32414-sfsada"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		testOidcClient, err := identity.NewOidcClient(ctx, "test", &identity.OidcClientArgs{
 * 			Name: pulumi.String("application"),
 * 			Key:  test.Name,
 * 			RedirectUris: pulumi.StringArray{
 * 				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
 * 				pulumi.String("http://127.0.0.1:8251/callback"),
 * 				pulumi.String("http://127.0.0.1:8080/callback"),
 * 			},
 * 			Assignments: pulumi.StringArray{
 * 				testOidcAssignment.Name,
 * 			},
 * 			IdTokenTtl:     pulumi.Int(2400),
 * 			AccessTokenTtl: pulumi.Int(7200),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		tmpJSON0, err := json.Marshal(map[string]interface{}{
 * 			"groups": "{{identity.entity.groups.names}}",
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		json0 := string(tmpJSON0)
 * 		testOidcScope, err := identity.NewOidcScope(ctx, "test", &identity.OidcScopeArgs{
 * 			Name:        pulumi.String("groups"),
 * 			Template:    pulumi.String(json0),
 * 			Description: pulumi.String("Groups scope."),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = identity.NewOidcProvider(ctx, "test", &identity.OidcProviderArgs{
 * 			Name:         pulumi.String("my-provider"),
 * 			HttpsEnabled: pulumi.Bool(false),
 * 			IssuerHost:   pulumi.String("127.0.0.1:8200"),
 * 			AllowedClientIds: pulumi.StringArray{
 * 				testOidcClient.ClientId,
 * 			},
 * 			ScopesSupporteds: pulumi.StringArray{
 * 				testOidcScope.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.vault.identity.OidcKey;
 * import com.pulumi.vault.identity.OidcKeyArgs;
 * import com.pulumi.vault.identity.OidcAssignment;
 * import com.pulumi.vault.identity.OidcAssignmentArgs;
 * import com.pulumi.vault.identity.OidcClient;
 * import com.pulumi.vault.identity.OidcClientArgs;
 * import com.pulumi.vault.identity.OidcScope;
 * import com.pulumi.vault.identity.OidcScopeArgs;
 * import com.pulumi.vault.identity.OidcProvider;
 * import com.pulumi.vault.identity.OidcProviderArgs;
 * import static com.pulumi.codegen.internal.Serialization.*;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var test = new OidcKey("test", OidcKeyArgs.builder()
 *             .name("my-key")
 *             .allowedClientIds("*")
 *             .rotationPeriod(3600)
 *             .verificationTtl(3600)
 *             .build());
 *         var testOidcAssignment = new OidcAssignment("testOidcAssignment", OidcAssignmentArgs.builder()
 *             .name("my-assignment")
 *             .entityIds("fake-ascbascas-2231a-sdfaa")
 *             .groupIds("fake-sajkdsad-32414-sfsada")
 *             .build());
 *         var testOidcClient = new OidcClient("testOidcClient", OidcClientArgs.builder()
 *             .name("application")
 *             .key(test.name())
 *             .redirectUris(
 *                 "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
 *                 "http://127.0.0.1:8251/callback",
 *                 "http://127.0.0.1:8080/callback")
 *             .assignments(testOidcAssignment.name())
 *             .idTokenTtl(2400)
 *             .accessTokenTtl(7200)
 *             .build());
 *         var testOidcScope = new OidcScope("testOidcScope", OidcScopeArgs.builder()
 *             .name("groups")
 *             .template(serializeJson(
 *                 jsonObject(
 *                     jsonProperty("groups", "{{identity.entity.groups.names}}")
 *                 )))
 *             .description("Groups scope.")
 *             .build());
 *         var testOidcProvider = new OidcProvider("testOidcProvider", OidcProviderArgs.builder()
 *             .name("my-provider")
 *             .httpsEnabled(false)
 *             .issuerHost("127.0.0.1:8200")
 *             .allowedClientIds(testOidcClient.clientId())
 *             .scopesSupporteds(testOidcScope.name())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   test:
 *     type: vault:identity:OidcKey
 *     properties:
 *       name: my-key
 *       allowedClientIds:
 *         - '*'
 *       rotationPeriod: 3600
 *       verificationTtl: 3600
 *   testOidcAssignment:
 *     type: vault:identity:OidcAssignment
 *     name: test
 *     properties:
 *       name: my-assignment
 *       entityIds:
 *         - fake-ascbascas-2231a-sdfaa
 *       groupIds:
 *         - fake-sajkdsad-32414-sfsada
 *   testOidcClient:
 *     type: vault:identity:OidcClient
 *     name: test
 *     properties:
 *       name: application
 *       key: ${test.name}
 *       redirectUris:
 *         - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
 *         - http://127.0.0.1:8251/callback
 *         - http://127.0.0.1:8080/callback
 *       assignments:
 *         - ${testOidcAssignment.name}
 *       idTokenTtl: 2400
 *       accessTokenTtl: 7200
 *   testOidcScope:
 *     type: vault:identity:OidcScope
 *     name: test
 *     properties:
 *       name: groups
 *       template:
 *         fn::toJSON:
 *           groups: '{{identity.entity.groups.names}}'
 *       description: Groups scope.
 *   testOidcProvider:
 *     type: vault:identity:OidcProvider
 *     name: test
 *     properties:
 *       name: my-provider
 *       httpsEnabled: false
 *       issuerHost: 127.0.0.1:8200
 *       allowedClientIds:
 *         - ${testOidcClient.clientId}
 *       scopesSupporteds:
 *         - ${testOidcScope.name}
 * ```
 * 
 * ## Import
 * OIDC Providers can be imported using the `name`, e.g.
 * ```sh
 * $ pulumi import vault:identity/oidcProvider:OidcProvider test my-provider
 * ```
 */
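public class OidcProvider internal constructor(
    override val javaResource: com.pulumi.vault.identity.OidcProvider,
) : KotlinCustomResource(javaResource, OidcProviderMapper) {
    // Every property below reads the matching output of the wrapped Java resource. Optional
    // outputs are unwrapped with orElse(null), so an unset value surfaces as a null inside the Output.

    /**
     * The client IDs that are permitted to use the provider.
     * If empty, no clients are allowed. If `*`, all clients are allowed.
     *
     * Prefer an explicit list of client IDs: with the `*` wildcard the provider no longer
     * restricts which clients may use it.
     */
    public val allowedClientIds: Output<List<String>>?
        get() = javaResource.allowedClientIds().applyValue({ maybeIds ->
            maybeIds.map({ ids ->
                ids.map({ id -> id })
            }).orElse(null)
        })

    /**
     * Set to true if the issuer endpoint uses HTTPS.
     *
     * Together with [issuerHost] this determines the computed [issuer], and therefore the `iss`
     * claim of the ID tokens. OpenID Connect expects an `https` issuer, so a false value is
     * suited to local testing only.
     */
    public val httpsEnabled: Output<Boolean>?
        get() = javaResource.httpsEnabled().applyValue({ maybeEnabled ->
            maybeEnabled.map({ enabled ->
                enabled
            }).orElse(null)
        })

    /**
     * Specifies what will be used as the `scheme://host:port`
     * component for the `iss` claim of ID tokens. This value is computed using the
     * `issuer_host` and `https_enabled` fields.
     */
    public val issuer: Output<String>
        get() = javaResource.issuer().applyValue({ value -> value })

    /**
     * The host for the issuer. Can be either host or host:port.
     */
    public val issuerHost: Output<String>?
        get() = javaResource.issuerHost().applyValue({ maybeHost ->
            maybeHost.map({ host ->
                host
            }).orElse(null)
        })

    /**
     * The name of the provider.
     */
    public val name: Output<String>
        get() = javaResource.name().applyValue({ value -> value })

    /**
     * The namespace to provision the resource in.
     * The value should not contain leading or trailing forward slashes.
     * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
     * *Available only for Vault Enterprise*.
     */
    public val namespace: Output<String>?
        get() = javaResource.namespace().applyValue({ maybeNamespace ->
            maybeNamespace.map({ ns -> ns }).orElse(null)
        })

    /**
     * The scopes available for requesting on the provider.
     */
    public val scopesSupporteds: Output<List<String>>?
        get() = javaResource.scopesSupporteds().applyValue({ maybeScopes ->
            maybeScopes.map({ scopes ->
                scopes.map({ scope -> scope })
            }).orElse(null)
        })
}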

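/**
 * Converts the Java SDK `com.pulumi.vault.identity.OidcProvider` into the Kotlin [OidcProvider] wrapper.
 */
public object OidcProviderMapper : ResourceMapper<OidcProvider> {
    /**
     * Returns true only when [javaResource] is exactly the Java SDK `OidcProvider` class;
     * the comparison is on class equality, so a subclass does not match.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.vault.identity.OidcProvider::class == javaResource::class

    /**
     * Wraps [javaResource] in an [OidcProvider].
     *
     * The cast is unchecked by this method: passing any other resource type throws
     * [ClassCastException], so callers should consult [supportsMappingOfType] first.
     */
    override fun map(javaResource: Resource): OidcProvider = OidcProvider(
        javaResource as
            com.pulumi.vault.identity.OidcProvider,
    )
}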

/**
 * Declares an [OidcProvider] resource, configured through [block].
 *
 * @see [OidcProvider].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [OidcProvider].
 */
public suspend fun oidcProvider(
    name: String,
    block: suspend OidcProviderResourceBuilder.() -> Unit,
): OidcProvider {
    // The name is set before the block runs, so the block may still override it.
    val resourceBuilder = OidcProviderResourceBuilder().also { it.name(name) }
    resourceBuilder.block()
    return resourceBuilder.build()
}

/**
 * Declares an [OidcProvider] resource with the builder's default arguments and options.
 *
 * @see [OidcProvider].
 * @param name The _unique_ name of the resulting resource.
 */
public fun oidcProvider(name: String): OidcProvider =
    OidcProviderResourceBuilder()
        .also { it.name(name) }
        .build()



