Ready to level-up your engineering skills? Join a Pulumi Workshop. Register Now

AuthConfigAzureAd

Provides a Rancher v2 Auth Config AzureAD resource. This can be used to configure and enable Auth Config AzureAD for Rancher v2 RKE clusters and retrieve their information.

In addition to the built-in local auth, only one external auth config provider can be enabled at a time.

Example Usage

using Pulumi;
using Rancher2 = Pulumi.Rancher2;

class MyStack : Stack
{
    public MyStack()
    {
        // Create a new rancher2 Auth Config AzureAD
        var azuread = new Rancher2.AuthConfigAzureAd("azuread", new Rancher2.AuthConfigAzureAdArgs
        {
            ApplicationId = "<AZUREAD_APP_ID>",
            ApplicationSecret = "<AZUREAD_APP_SECRET>",
            AuthEndpoint = "<AZUREAD_AUTH_ENDPOINT>",
            GraphEndpoint = "<AZUREAD_GRAPH_ENDPOINT>",
            RancherUrl = "<RANCHER_URL>",
            TenantId = "<AZUREAD_TENANT_ID>",
            TokenEndpoint = "<AZUREAD_TOKEN_ENDPOINT>",
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-rancher2/sdk/v2/go/rancher2"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := rancher2.NewAuthConfigAzureAd(ctx, "azuread", &rancher2.AuthConfigAzureAdArgs{
            ApplicationId:     pulumi.String("<AZUREAD_APP_ID>"),
            ApplicationSecret: pulumi.String("<AZUREAD_APP_SECRET>"),
            AuthEndpoint:      pulumi.String("<AZUREAD_AUTH_ENDPOINT>"),
            GraphEndpoint:     pulumi.String("<AZUREAD_GRAPH_ENDPOINT>"),
            RancherUrl:        pulumi.String("<RANCHER_URL>"),
            TenantId:          pulumi.String("<AZUREAD_TENANT_ID>"),
            TokenEndpoint:     pulumi.String("<AZUREAD_TOKEN_ENDPOINT>"),
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_rancher2 as rancher2

# Create a new rancher2 Auth Config AzureAD
azuread = rancher2.AuthConfigAzureAd("azuread",
    application_id="<AZUREAD_APP_ID>",
    application_secret="<AZUREAD_APP_SECRET>",
    auth_endpoint="<AZUREAD_AUTH_ENDPOINT>",
    graph_endpoint="<AZUREAD_GRAPH_ENDPOINT>",
    rancher_url="<RANCHER_URL>",
    tenant_id="<AZUREAD_TENANT_ID>",
    token_endpoint="<AZUREAD_TOKEN_ENDPOINT>")
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";

// Create a new rancher2 Auth Config AzureAD
const azuread = new rancher2.AuthConfigAzureAd("azuread", {
    applicationId: "<AZUREAD_APP_ID>",
    applicationSecret: "<AZUREAD_APP_SECRET>",
    authEndpoint: "<AZUREAD_AUTH_ENDPOINT>",
    graphEndpoint: "<AZUREAD_GRAPH_ENDPOINT>",
    rancherUrl: "<RANCHER_URL>",
    tenantId: "<AZUREAD_TENANT_ID>",
    tokenEndpoint: "<AZUREAD_TOKEN_ENDPOINT>",
});

Create a AuthConfigAzureAd Resource

new AuthConfigAzureAd(name: string, args: AuthConfigAzureAdArgs, opts?: CustomResourceOptions);
def AuthConfigAzureAd(resource_name: str, opts: Optional[ResourceOptions] = None, access_mode: Optional[str] = None, allowed_principal_ids: Optional[Sequence[str]] = None, annotations: Optional[Mapping[str, Any]] = None, application_id: Optional[str] = None, application_secret: Optional[str] = None, auth_endpoint: Optional[str] = None, enabled: Optional[bool] = None, endpoint: Optional[str] = None, graph_endpoint: Optional[str] = None, labels: Optional[Mapping[str, Any]] = None, rancher_url: Optional[str] = None, tenant_id: Optional[str] = None, token_endpoint: Optional[str] = None)
func NewAuthConfigAzureAd(ctx *Context, name string, args AuthConfigAzureAdArgs, opts ...ResourceOption) (*AuthConfigAzureAd, error)
public AuthConfigAzureAd(string name, AuthConfigAzureAdArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args AuthConfigAzureAdArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AuthConfigAzureAdArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AuthConfigAzureAdArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

AuthConfigAzureAd Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The AuthConfigAzureAd resource accepts the following input properties:

ApplicationId string

AzureAD auth application ID (string)

ApplicationSecret string

AzureAD auth application secret (string)

AuthEndpoint string

AzureAD auth endpoint (string)

GraphEndpoint string

AzureAD graph endpoint (string)

RancherUrl string

Rancher URL (string). “/verify-auth-azure”

TenantId string

AzureAD tenant ID (string)

TokenEndpoint string

AzureAD token endpoint (string)

AccessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

AllowedPrincipalIds List<string>

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

Annotations Dictionary<string, object>

Annotations of the resource (map)

Enabled bool

Enable auth config provider. Default true (bool)

Endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

Labels Dictionary<string, object>

Labels of the resource (map)

ApplicationId string

AzureAD auth application ID (string)

ApplicationSecret string

AzureAD auth application secret (string)

AuthEndpoint string

AzureAD auth endpoint (string)

GraphEndpoint string

AzureAD graph endpoint (string)

RancherUrl string

Rancher URL (string). “/verify-auth-azure”

TenantId string

AzureAD tenant ID (string)

TokenEndpoint string

AzureAD token endpoint (string)

AccessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

AllowedPrincipalIds []string

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

Annotations map[string]interface{}

Annotations of the resource (map)

Enabled bool

Enable auth config provider. Default true (bool)

Endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

Labels map[string]interface{}

Labels of the resource (map)

applicationId string

AzureAD auth application ID (string)

applicationSecret string

AzureAD auth application secret (string)

authEndpoint string

AzureAD auth endpoint (string)

graphEndpoint string

AzureAD graph endpoint (string)

rancherUrl string

Rancher URL (string). “/verify-auth-azure”

tenantId string

AzureAD tenant ID (string)

tokenEndpoint string

AzureAD token endpoint (string)

accessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

allowedPrincipalIds string[]

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

annotations {[key: string]: any}

Annotations of the resource (map)

enabled boolean

Enable auth config provider. Default true (bool)

endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

labels {[key: string]: any}

Labels of the resource (map)

application_id str

AzureAD auth application ID (string)

application_secret str

AzureAD auth application secret (string)

auth_endpoint str

AzureAD auth endpoint (string)

graph_endpoint str

AzureAD graph endpoint (string)

rancher_url str

Rancher URL (string). “/verify-auth-azure”

tenant_id str

AzureAD tenant ID (string)

token_endpoint str

AzureAD token endpoint (string)

access_mode str

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

allowed_principal_ids Sequence[str]

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

annotations Mapping[str, Any]

Annotations of the resource (map)

enabled bool

Enable auth config provider. Default true (bool)

endpoint str

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

labels Mapping[str, Any]

Labels of the resource (map)

Outputs

All input properties are implicitly available as output properties. Additionally, the AuthConfigAzureAd resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Name string

(Computed) The name of the resource (string)

Type string

(Computed) The type of the resource (string)

Id string
The provider-assigned unique ID for this managed resource.
Name string

(Computed) The name of the resource (string)

Type string

(Computed) The type of the resource (string)

id string
The provider-assigned unique ID for this managed resource.
name string

(Computed) The name of the resource (string)

type string

(Computed) The type of the resource (string)

id str
The provider-assigned unique ID for this managed resource.
name str

(Computed) The name of the resource (string)

type str

(Computed) The type of the resource (string)

Look up an Existing AuthConfigAzureAd Resource

Get an existing AuthConfigAzureAd resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthConfigAzureAdState, opts?: CustomResourceOptions): AuthConfigAzureAd
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, access_mode: Optional[str] = None, allowed_principal_ids: Optional[Sequence[str]] = None, annotations: Optional[Mapping[str, Any]] = None, application_id: Optional[str] = None, application_secret: Optional[str] = None, auth_endpoint: Optional[str] = None, enabled: Optional[bool] = None, endpoint: Optional[str] = None, graph_endpoint: Optional[str] = None, labels: Optional[Mapping[str, Any]] = None, name: Optional[str] = None, rancher_url: Optional[str] = None, tenant_id: Optional[str] = None, token_endpoint: Optional[str] = None, type: Optional[str] = None) -> AuthConfigAzureAd
func GetAuthConfigAzureAd(ctx *Context, name string, id IDInput, state *AuthConfigAzureAdState, opts ...ResourceOption) (*AuthConfigAzureAd, error)
public static AuthConfigAzureAd Get(string name, Input<string> id, AuthConfigAzureAdState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

AllowedPrincipalIds List<string>

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

Annotations Dictionary<string, object>

Annotations of the resource (map)

ApplicationId string

AzureAD auth application ID (string)

ApplicationSecret string

AzureAD auth application secret (string)

AuthEndpoint string

AzureAD auth endpoint (string)

Enabled bool

Enable auth config provider. Default true (bool)

Endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

GraphEndpoint string

AzureAD graph endpoint (string)

Labels Dictionary<string, object>

Labels of the resource (map)

Name string

(Computed) The name of the resource (string)

RancherUrl string

Rancher URL (string). “/verify-auth-azure”

TenantId string

AzureAD tenant ID (string)

TokenEndpoint string

AzureAD token endpoint (string)

Type string

(Computed) The type of the resource (string)

AccessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

AllowedPrincipalIds []string

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

Annotations map[string]interface{}

Annotations of the resource (map)

ApplicationId string

AzureAD auth application ID (string)

ApplicationSecret string

AzureAD auth application secret (string)

AuthEndpoint string

AzureAD auth endpoint (string)

Enabled bool

Enable auth config provider. Default true (bool)

Endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

GraphEndpoint string

AzureAD graph endpoint (string)

Labels map[string]interface{}

Labels of the resource (map)

Name string

(Computed) The name of the resource (string)

RancherUrl string

Rancher URL (string). “/verify-auth-azure”

TenantId string

AzureAD tenant ID (string)

TokenEndpoint string

AzureAD token endpoint (string)

Type string

(Computed) The type of the resource (string)

accessMode string

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

allowedPrincipalIds string[]

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

annotations {[key: string]: any}

Annotations of the resource (map)

applicationId string

AzureAD auth application ID (string)

applicationSecret string

AzureAD auth application secret (string)

authEndpoint string

AzureAD auth endpoint (string)

enabled boolean

Enable auth config provider. Default true (bool)

endpoint string

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

graphEndpoint string

AzureAD graph endpoint (string)

labels {[key: string]: any}

Labels of the resource (map)

name string

(Computed) The name of the resource (string)

rancherUrl string

Rancher URL (string). “/verify-auth-azure”

tenantId string

AzureAD tenant ID (string)

tokenEndpoint string

AzureAD token endpoint (string)

type string

(Computed) The type of the resource (string)

access_mode str

Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)

allowed_principal_ids Sequence[str]

Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)

annotations Mapping[str, Any]

Annotations of the resource (map)

application_id str

AzureAD auth application ID (string)

application_secret str

AzureAD auth application secret (string)

auth_endpoint str

AzureAD auth endpoint (string)

enabled bool

Enable auth config provider. Default true (bool)

endpoint str

AzureAD endpoint. Default https://login.microsoftonline.com/ (string)

graph_endpoint str

AzureAD graph endpoint (string)

labels Mapping[str, Any]

Labels of the resource (map)

name str

(Computed) The name of the resource (string)

rancher_url str

Rancher URL (string). “/verify-auth-azure”

tenant_id str

AzureAD tenant ID (string)

token_endpoint str

AzureAD token endpoint (string)

type str

(Computed) The type of the resource (string)

Package Details

Repository
https://github.com/pulumi/pulumi-rancher2
License
Apache-2.0
Notes
This Pulumi package is based on the rancher2 Terraform Provider.