Grafana v0.4.2 published on Monday, Apr 15, 2024 by pulumiverse
grafana.SsoSettings
Create SsoSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SsoSettings(name: string, args: SsoSettingsArgs, opts?: CustomResourceOptions);
@overload
def SsoSettings(resource_name: str,
args: SsoSettingsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SsoSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
oauth2_settings: Optional[SsoSettingsOauth2SettingsArgs] = None,
provider_name: Optional[str] = None)
func NewSsoSettings(ctx *Context, name string, args SsoSettingsArgs, opts ...ResourceOption) (*SsoSettings, error)
public SsoSettings(string name, SsoSettingsArgs args, CustomResourceOptions? opts = null)
public SsoSettings(String name, SsoSettingsArgs args)
public SsoSettings(String name, SsoSettingsArgs args, CustomResourceOptions options)
type: grafana:SsoSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SsoSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SsoSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SsoSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SsoSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SsoSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var ssoSettingsResource = new Grafana.SsoSettings("ssoSettingsResource", new()
{
Oauth2Settings = new Grafana.Inputs.SsoSettingsOauth2SettingsArgs
{
ClientId = "string",
GroupsAttributePath = "string",
UsePkce = false,
AllowedGroups = "string",
IdTokenAttributeName = "string",
ApiUrl = "string",
AuthStyle = "string",
AuthUrl = "string",
AutoLogin = false,
AllowSignUp = false,
ClientSecret = "string",
Custom =
{
{ "string", "string" },
},
DefineAllowedGroups = false,
DefineAllowedTeamsIds = false,
EmailAttributeName = "string",
EmailAttributePath = "string",
EmptyScopes = false,
Enabled = false,
AllowAssignGrafanaAdmin = false,
AllowedOrganizations = "string",
AllowedDomains = "string",
NameAttributePath = "string",
Name = "string",
RoleAttributePath = "string",
RoleAttributeStrict = false,
Scopes = "string",
SignoutRedirectUrl = "string",
SkipOrgRoleSync = false,
TeamIds = "string",
TeamIdsAttributePath = "string",
TeamsUrl = "string",
TlsClientCa = "string",
TlsClientCert = "string",
TlsClientKey = "string",
TlsSkipVerifyInsecure = false,
TokenUrl = "string",
LoginAttributePath = "string",
UseRefreshToken = false,
},
ProviderName = "string",
});
example, err := grafana.NewSsoSettings(ctx, "ssoSettingsResource", &grafana.SsoSettingsArgs{
Oauth2Settings: &grafana.SsoSettingsOauth2SettingsArgs{
ClientId: pulumi.String("string"),
GroupsAttributePath: pulumi.String("string"),
UsePkce: pulumi.Bool(false),
AllowedGroups: pulumi.String("string"),
IdTokenAttributeName: pulumi.String("string"),
ApiUrl: pulumi.String("string"),
AuthStyle: pulumi.String("string"),
AuthUrl: pulumi.String("string"),
AutoLogin: pulumi.Bool(false),
AllowSignUp: pulumi.Bool(false),
ClientSecret: pulumi.String("string"),
Custom: pulumi.StringMap{
"string": pulumi.String("string"),
},
DefineAllowedGroups: pulumi.Bool(false),
DefineAllowedTeamsIds: pulumi.Bool(false),
EmailAttributeName: pulumi.String("string"),
EmailAttributePath: pulumi.String("string"),
EmptyScopes: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
AllowAssignGrafanaAdmin: pulumi.Bool(false),
AllowedOrganizations: pulumi.String("string"),
AllowedDomains: pulumi.String("string"),
NameAttributePath: pulumi.String("string"),
Name: pulumi.String("string"),
RoleAttributePath: pulumi.String("string"),
RoleAttributeStrict: pulumi.Bool(false),
Scopes: pulumi.String("string"),
SignoutRedirectUrl: pulumi.String("string"),
SkipOrgRoleSync: pulumi.Bool(false),
TeamIds: pulumi.String("string"),
TeamIdsAttributePath: pulumi.String("string"),
TeamsUrl: pulumi.String("string"),
TlsClientCa: pulumi.String("string"),
TlsClientCert: pulumi.String("string"),
TlsClientKey: pulumi.String("string"),
TlsSkipVerifyInsecure: pulumi.Bool(false),
TokenUrl: pulumi.String("string"),
LoginAttributePath: pulumi.String("string"),
UseRefreshToken: pulumi.Bool(false),
},
ProviderName: pulumi.String("string"),
})
var ssoSettingsResource = new SsoSettings("ssoSettingsResource", SsoSettingsArgs.builder()
.oauth2Settings(SsoSettingsOauth2SettingsArgs.builder()
.clientId("string")
.groupsAttributePath("string")
.usePkce(false)
.allowedGroups("string")
.idTokenAttributeName("string")
.apiUrl("string")
.authStyle("string")
.authUrl("string")
.autoLogin(false)
.allowSignUp(false)
.clientSecret("string")
.custom(Map.of("string", "string"))
.defineAllowedGroups(false)
.defineAllowedTeamsIds(false)
.emailAttributeName("string")
.emailAttributePath("string")
.emptyScopes(false)
.enabled(false)
.allowAssignGrafanaAdmin(false)
.allowedOrganizations("string")
.allowedDomains("string")
.nameAttributePath("string")
.name("string")
.roleAttributePath("string")
.roleAttributeStrict(false)
.scopes("string")
.signoutRedirectUrl("string")
.skipOrgRoleSync(false)
.teamIds("string")
.teamIdsAttributePath("string")
.teamsUrl("string")
.tlsClientCa("string")
.tlsClientCert("string")
.tlsClientKey("string")
.tlsSkipVerifyInsecure(false)
.tokenUrl("string")
.loginAttributePath("string")
.useRefreshToken(false)
.build())
.providerName("string")
.build());
sso_settings_resource = grafana.SsoSettings("ssoSettingsResource",
oauth2_settings=grafana.SsoSettingsOauth2SettingsArgs(
client_id="string",
groups_attribute_path="string",
use_pkce=False,
allowed_groups="string",
id_token_attribute_name="string",
api_url="string",
auth_style="string",
auth_url="string",
auto_login=False,
allow_sign_up=False,
client_secret="string",
custom={
"string": "string",
},
define_allowed_groups=False,
define_allowed_teams_ids=False,
email_attribute_name="string",
email_attribute_path="string",
empty_scopes=False,
enabled=False,
allow_assign_grafana_admin=False,
allowed_organizations="string",
allowed_domains="string",
name_attribute_path="string",
name="string",
role_attribute_path="string",
role_attribute_strict=False,
scopes="string",
signout_redirect_url="string",
skip_org_role_sync=False,
team_ids="string",
team_ids_attribute_path="string",
teams_url="string",
tls_client_ca="string",
tls_client_cert="string",
tls_client_key="string",
tls_skip_verify_insecure=False,
token_url="string",
login_attribute_path="string",
use_refresh_token=False,
),
provider_name="string")
const ssoSettingsResource = new grafana.SsoSettings("ssoSettingsResource", {
oauth2Settings: {
clientId: "string",
groupsAttributePath: "string",
usePkce: false,
allowedGroups: "string",
idTokenAttributeName: "string",
apiUrl: "string",
authStyle: "string",
authUrl: "string",
autoLogin: false,
allowSignUp: false,
clientSecret: "string",
custom: {
string: "string",
},
defineAllowedGroups: false,
defineAllowedTeamsIds: false,
emailAttributeName: "string",
emailAttributePath: "string",
emptyScopes: false,
enabled: false,
allowAssignGrafanaAdmin: false,
allowedOrganizations: "string",
allowedDomains: "string",
nameAttributePath: "string",
name: "string",
roleAttributePath: "string",
roleAttributeStrict: false,
scopes: "string",
signoutRedirectUrl: "string",
skipOrgRoleSync: false,
teamIds: "string",
teamIdsAttributePath: "string",
teamsUrl: "string",
tlsClientCa: "string",
tlsClientCert: "string",
tlsClientKey: "string",
tlsSkipVerifyInsecure: false,
tokenUrl: "string",
loginAttributePath: "string",
useRefreshToken: false,
},
providerName: "string",
});
type: grafana:SsoSettings
properties:
    oauth2Settings:
        allowAssignGrafanaAdmin: false
        allowSignUp: false
        allowedDomains: string
        allowedGroups: string
        allowedOrganizations: string
        apiUrl: string
        authStyle: string
        authUrl: string
        autoLogin: false
        clientId: string
        clientSecret: string
        custom:
            string: string
        defineAllowedGroups: false
        defineAllowedTeamsIds: false
        emailAttributeName: string
        emailAttributePath: string
        emptyScopes: false
        enabled: false
        groupsAttributePath: string
        idTokenAttributeName: string
        loginAttributePath: string
        name: string
        nameAttributePath: string
        roleAttributePath: string
        roleAttributeStrict: false
        scopes: string
        signoutRedirectUrl: string
        skipOrgRoleSync: false
        teamIds: string
        teamIdsAttributePath: string
        teamsUrl: string
        tlsClientCa: string
        tlsClientCert: string
        tlsClientKey: string
        tlsSkipVerifyInsecure: false
        tokenUrl: string
        usePkce: false
        useRefreshToken: false
    providerName: string
SsoSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SsoSettings resource accepts the following input properties:
- Oauth2Settings Pulumiverse.Grafana.Inputs.SsoSettingsOauth2Settings
- The SSO settings set.
- ProviderName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- Oauth2Settings SsoSettingsOauth2SettingsArgs
- The SSO settings set.
- ProviderName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings SsoSettingsOauth2Settings
- The SSO settings set.
- providerName String
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings SsoSettingsOauth2Settings
- The SSO settings set.
- providerName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2_settings SsoSettingsOauth2SettingsArgs
- The SSO settings set.
- provider_name str
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings Property Map
- The SSO settings set.
- providerName String
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
Outputs
All input properties are implicitly available as output properties. Additionally, the SsoSettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SsoSettings Resource
Get an existing SsoSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SsoSettingsState, opts?: CustomResourceOptions): SsoSettings
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
oauth2_settings: Optional[SsoSettingsOauth2SettingsArgs] = None,
provider_name: Optional[str] = None) -> SsoSettings
func GetSsoSettings(ctx *Context, name string, id IDInput, state *SsoSettingsState, opts ...ResourceOption) (*SsoSettings, error)
public static SsoSettings Get(string name, Input<string> id, SsoSettingsState? state, CustomResourceOptions? opts = null)
public static SsoSettings get(String name, Output<String> id, SsoSettingsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Oauth2Settings Pulumiverse.Grafana.Inputs.SsoSettingsOauth2Settings
- The SSO settings set.
- ProviderName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- Oauth2Settings SsoSettingsOauth2SettingsArgs
- The SSO settings set.
- ProviderName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings SsoSettingsOauth2Settings
- The SSO settings set.
- providerName String
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings SsoSettingsOauth2Settings
- The SSO settings set.
- providerName string
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2_settings SsoSettingsOauth2SettingsArgs
- The SSO settings set.
- provider_name str
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
- oauth2Settings Property Map
- The SSO settings set.
- providerName String
- The name of the SSO provider. Supported values: github, gitlab, google, azuread, okta, generic_oauth.
Supporting Types
SsoSettingsOauth2Settings, SsoSettingsOauth2SettingsArgs
- ClientId string
- The client Id of your OAuth2 app.
- AllowAssignGrafanaAdmin bool
- If enabled, it will automatically sync the Grafana server administrator role.
- AllowSignUp bool
- If not enabled, only existing Grafana users can log in using OAuth.
- AllowedDomains string
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- AllowedGroups string
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- AllowedOrganizations string
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- ApiUrl string
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- AuthStyle string
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- AuthUrl string
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- AutoLogin bool
- Log in automatically, skipping the login screen.
- ClientSecret string
- The client secret of your OAuth2 app.
- Custom Dictionary<string, string>
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- DefineAllowedGroups bool
- Define allowed groups.
- DefineAllowedTeamsIds bool
- Define allowed teams ids.
- EmailAttributeName string
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- EmailAttributePath string
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- EmptyScopes bool
- If enabled, no scopes will be sent to the OAuth2 provider.
- Enabled bool
- Define whether this configuration is enabled for the specified provider.
- GroupsAttributePath string
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- IdTokenAttributeName string
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- LoginAttributePath string
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- Name string
- Helpful if you use more than one identity provider or SSO protocol.
- NameAttributePath string
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- RoleAttributePath string
- JMESPath expression to use for Grafana role lookup.
- RoleAttributeStrict bool
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- Scopes string
- List of comma- or space-separated OAuth2 scopes.
- SignoutRedirectUrl string
- The URL to redirect the user to after signing out from Grafana.
- SkipOrgRoleSync bool
- Prevent synchronizing users’ organization roles from your IdP.
- TeamIds string
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- TeamIdsAttributePath string
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- TeamsUrl string
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- TlsClientCa string
- The path to the trusted certificate authority list. Not applicable on Grafana Cloud.
- TlsClientCert string
- The path to the certificate. Not applicable on Grafana Cloud.
- TlsClientKey string
- The path to the key. Not applicable on Grafana Cloud.
- TlsSkipVerifyInsecure bool
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- TokenUrl string
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- UsePkce bool
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- UseRefreshToken bool
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
- ClientId string
- The client Id of your OAuth2 app.
- AllowAssignGrafanaAdmin bool
- If enabled, it will automatically sync the Grafana server administrator role.
- AllowSignUp bool
- If not enabled, only existing Grafana users can log in using OAuth.
- AllowedDomains string
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- AllowedGroups string
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- AllowedOrganizations string
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- ApiUrl string
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- AuthStyle string
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- AuthUrl string
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- AutoLogin bool
- Log in automatically, skipping the login screen.
- ClientSecret string
- The client secret of your OAuth2 app.
- Custom map[string]string
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- DefineAllowedGroups bool
- Define allowed groups.
- DefineAllowedTeamsIds bool
- Define allowed teams ids.
- EmailAttributeName string
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- EmailAttributePath string
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- EmptyScopes bool
- If enabled, no scopes will be sent to the OAuth2 provider.
- Enabled bool
- Define whether this configuration is enabled for the specified provider.
- GroupsAttributePath string
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- IdTokenAttributeName string
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- LoginAttributePath string
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- Name string
- Helpful if you use more than one identity provider or SSO protocol.
- NameAttributePath string
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- RoleAttributePath string
- JMESPath expression to use for Grafana role lookup.
- RoleAttributeStrict bool
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- Scopes string
- List of comma- or space-separated OAuth2 scopes.
- SignoutRedirectUrl string
- The URL to redirect the user to after signing out from Grafana.
- SkipOrgRoleSync bool
- Prevent synchronizing users’ organization roles from your IdP.
- TeamIds string
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- TeamIdsAttributePath string
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- TeamsUrl string
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- TlsClientCa string
- The path to the trusted certificate authority list. Not applicable on Grafana Cloud.
- TlsClientCert string
- The path to the certificate. Not applicable on Grafana Cloud.
- TlsClientKey string
- The path to the key. Not applicable on Grafana Cloud.
- TlsSkipVerifyInsecure bool
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- TokenUrl string
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- UsePkce bool
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- UseRefreshToken bool
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
- clientId String
- The client Id of your OAuth2 app.
- allowAssignGrafanaAdmin Boolean
- If enabled, it will automatically sync the Grafana server administrator role.
- allowSignUp Boolean
- If not enabled, only existing Grafana users can log in using OAuth.
- allowedDomains String
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- allowedGroups String
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- allowedOrganizations String
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- apiUrl String
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- authStyle String
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- authUrl String
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- autoLogin Boolean
- Log in automatically, skipping the login screen.
- clientSecret String
- The client secret of your OAuth2 app.
- custom Map<String,String>
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- defineAllowedGroups Boolean
- Define allowed groups.
- defineAllowedTeamsIds Boolean
- Define allowed teams ids.
- emailAttributeName String
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- emailAttributePath String
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- emptyScopes Boolean
- If enabled, no scopes will be sent to the OAuth2 provider.
- enabled Boolean
- Define whether this configuration is enabled for the specified provider.
- groupsAttributePath String
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- idTokenAttributeName String
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- loginAttributePath String
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- name String
- Helpful if you use more than one identity provider or SSO protocol.
- nameAttributePath String
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- roleAttributePath String
- JMESPath expression to use for Grafana role lookup.
- roleAttributeStrict Boolean
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- scopes String
- List of comma- or space-separated OAuth2 scopes.
- signoutRedirectUrl String
- The URL to redirect the user to after signing out from Grafana.
- skipOrgRoleSync Boolean
- Prevent synchronizing users’ organization roles from your IdP.
- teamIds String
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- teamIdsAttributePath String
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- teamsUrl String
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- tlsClientCa String
- The path to the trusted certificate authority list. Not applicable on Grafana Cloud.
- tlsClientCert String
- The path to the certificate. Not applicable on Grafana Cloud.
- tlsClientKey String
- The path to the key. Not applicable on Grafana Cloud.
- tlsSkipVerifyInsecure Boolean
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- tokenUrl String
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- usePkce Boolean
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- useRefreshToken Boolean
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
- clientId string
- The client Id of your OAuth2 app.
- allowAssignGrafanaAdmin boolean
- If enabled, it will automatically sync the Grafana server administrator role.
- allowSignUp boolean
- If not enabled, only existing Grafana users can log in using OAuth.
- allowedDomains string
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- allowedGroups string
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- allowedOrganizations string
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- apiUrl string
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- authStyle string
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- authUrl string
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- autoLogin boolean
- Log in automatically, skipping the login screen.
- clientSecret string
- The client secret of your OAuth2 app.
- custom {[key: string]: string}
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- defineAllowedGroups boolean
- Define allowed groups.
- defineAllowedTeamsIds boolean
- Define allowed teams ids.
- emailAttributeName string
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- emailAttributePath string
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- emptyScopes boolean
- If enabled, no scopes will be sent to the OAuth2 provider.
- enabled boolean
- Define whether this configuration is enabled for the specified provider.
- groupsAttributePath string
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- idTokenAttributeName string
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- loginAttributePath string
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- name string
- Helpful if you use more than one identity provider or SSO protocol.
- nameAttributePath string
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- roleAttributePath string
- JMESPath expression to use for Grafana role lookup.
- roleAttributeStrict boolean
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- scopes string
- List of comma- or space-separated OAuth2 scopes.
- signoutRedirectUrl string
- The URL to redirect the user to after signing out from Grafana.
- skipOrgRoleSync boolean
- Prevent synchronizing users’ organization roles from your IdP.
- teamIds string
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- teamIdsAttributePath string
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- teamsUrl string
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- tlsClientCa string
- The path to the trusted certificate authority list. Not applicable on Grafana Cloud.
- tlsClientCert string
- The path to the certificate. Not applicable on Grafana Cloud.
- tlsClientKey string
- The path to the key. Not applicable on Grafana Cloud.
- tlsSkipVerifyInsecure boolean
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- tokenUrl string
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- usePkce boolean
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- useRefreshToken boolean
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
- client_id str
- The client Id of your OAuth2 app.
- allow_assign_grafana_admin bool
- If enabled, it will automatically sync the Grafana server administrator role.
- allow_sign_up bool
- If not enabled, only existing Grafana users can log in using OAuth.
- allowed_domains str
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- allowed_groups str
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- allowed_organizations str
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- api_url str
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- auth_style str
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- auth_url str
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- auto_login bool
- Log in automatically, skipping the login screen.
- client_secret str
- The client secret of your OAuth2 app.
- custom Mapping[str, str]
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- define_allowed_groups bool
- Define allowed groups.
- define_allowed_teams_ids bool
- Define allowed teams ids.
- email_attribute_name str
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- email_attribute_path str
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- empty_scopes bool
- If enabled, no scopes will be sent to the OAuth2 provider.
- enabled bool
- Define whether this configuration is enabled for the specified provider.
- groups_attribute_path str
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- id_token_attribute_name str
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- login_attribute_path str
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- name str
- Helpful if you use more than one identity provider or SSO protocol.
- name_attribute_path str
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- role_attribute_path str
- JMESPath expression to use for Grafana role lookup.
- role_attribute_strict bool
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- scopes str
- List of comma- or space-separated OAuth2 scopes.
- signout_redirect_url str
- The URL to redirect the user to after signing out from Grafana.
- skip_org_role_sync bool
- Prevent synchronizing users’ organization roles from your IdP.
- team_ids str
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- team_ids_attribute_path str
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- teams_url str
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- tls_client_ca str
- The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
- tls_client_cert str
- The path to the certificate. Is not applicable on Grafana Cloud.
- tls_client_key str
- The path to the key. Is not applicable on Grafana Cloud.
- tls_skip_verify_insecure bool
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- token_url str
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- use_pkce bool
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- use_refresh_token bool
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
- clientId String
- The client Id of your OAuth2 app.
- allowAssignGrafanaAdmin Boolean
- If enabled, it will automatically sync the Grafana server administrator role.
- allowSignUp Boolean
- If not enabled, only existing Grafana users can log in using OAuth.
- allowedDomains String
- List of comma- or space-separated domains. The user should belong to at least one domain to log in.
- allowedGroups String
- List of comma- or space-separated groups. The user should be a member of at least one group to log in. For Generic OAuth, if you configure allowed_groups, you must also configure groups_attribute_path.
- allowedOrganizations String
- List of comma- or space-separated organizations. The user should be a member of at least one organization to log in.
- apiUrl String
- The user information endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- authStyle String
- Determines how client_id and client_secret are sent to the OAuth2 provider. Possible values are AutoDetect, InParams, InHeader. Default is AutoDetect.
- authUrl String
- The authorization endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- autoLogin Boolean
- Log in automatically, skipping the login screen.
- clientSecret String
- The client secret of your OAuth2 app.
- custom Map<String>
- Custom fields to configure for OAuth2 such as the force_use_graph_api field.
- defineAllowedGroups Boolean
- Define allowed groups.
- defineAllowedTeamsIds Boolean
- Define allowed teams ids.
- emailAttributeName String
- Name of the key to use for user email lookup within the attributes map of OAuth2 ID token. Only applicable to Generic OAuth.
- emailAttributePath String
- JMESPath expression to use for user email lookup from the user information. Only applicable to Generic OAuth.
- emptyScopes Boolean
- If enabled, no scopes will be sent to the OAuth2 provider.
- enabled Boolean
- Define whether this configuration is enabled for the specified provider.
- groupsAttributePath String
- JMESPath expression to use for user group lookup. If you configure allowed_groups, you must also configure groups_attribute_path.
- idTokenAttributeName String
- The name of the key used to extract the ID token from the returned OAuth2 token. Only applicable to Generic OAuth.
- loginAttributePath String
- JMESPath expression to use for user login lookup from the user ID token. Only applicable to Generic OAuth.
- name String
- Helpful if you use more than one identity provider or SSO protocol.
- nameAttributePath String
- JMESPath expression to use for user name lookup from the user ID token. This name will be used as the user’s display name. Only applicable to Generic OAuth.
- roleAttributePath String
- JMESPath expression to use for Grafana role lookup.
- roleAttributeStrict Boolean
- If enabled, denies user login if the Grafana role cannot be extracted using Role attribute path.
- scopes String
- List of comma- or space-separated OAuth2 scopes.
- signoutRedirectUrl String
- The URL to redirect the user to after signing out from Grafana.
- skipOrgRoleSync Boolean
- Prevent synchronizing users’ organization roles from your IdP.
- teamIds String
- String list of Team Ids. If set, the user must be a member of one of the given teams to log in. If you configure team_ids, you must also configure teams_url and team_ids_attribute_path.
- teamIdsAttributePath String
- The JMESPath expression to use for Grafana Team Id lookup within the results returned by the teams_url endpoint. Only applicable to Generic OAuth.
- teamsUrl String
- The URL used to query for Team Ids. If not set, the default value is /teams. If you configure teams_url, you must also configure team_ids_attribute_path. Only applicable to Generic OAuth.
- tlsClientCa String
- The path to the trusted certificate authority list. Is not applicable on Grafana Cloud.
- tlsClientCert String
- The path to the certificate. Is not applicable on Grafana Cloud.
- tlsClientKey String
- The path to the key. Is not applicable on Grafana Cloud.
- tlsSkipVerifyInsecure Boolean
- If enabled, the client accepts any certificate presented by the server and any host name in that certificate. You should only use this for testing, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
- tokenUrl String
- The token endpoint of your OAuth2 provider. Required for azuread, okta and generic_oauth providers.
- usePkce Boolean
- If enabled, Grafana will use Proof Key for Code Exchange (PKCE) with the OAuth2 Authorization Code Grant.
- useRefreshToken Boolean
- If enabled, Grafana will fetch a new access token using the refresh token provided by the OAuth2 provider.
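The property descriptions above state several rules that are easy to miss in review: endpoints required per provider, lookup paths that must accompany a group or team filter, and the testing-only TLS switch. The Python check below is an added example, not code from the Pulumi package or from Grafana; it uses the snake_case property names from the Python listing, and the function name, finding labels and sample values are assumptions made for illustration.

```python
# Added example: pre-deployment lint for an oauth2_settings mapping.
# Rules come from the property descriptions on this page; names are hypothetical.
ENDPOINT_PROVIDERS = {"azuread", "okta", "generic_oauth"}
REQUIRED_ENDPOINTS = ("auth_url", "token_url", "api_url")


def lint_oauth2_settings(provider_name, s):
    """Return a sorted list of findings for one provider's settings dict."""
    findings = []
    if provider_name in ENDPOINT_PROVIDERS:
        findings += [f"missing:{k}" for k in REQUIRED_ENDPOINTS if not s.get(k)]
    # Accepting any server certificate exposes the IdP connection to MITM.
    if s.get("tls_skip_verify_insecure"):
        findings.append("insecure:tls_skip_verify_insecure")
    # Assumption: dependent-field rules are applied to generic_oauth only,
    # because the lookup fields are documented as Generic OAuth settings.
    if provider_name == "generic_oauth":
        if s.get("allowed_groups") and not s.get("groups_attribute_path"):
            findings.append("missing:groups_attribute_path")
        if s.get("team_ids") and not s.get("teams_url"):
            findings.append("missing:teams_url")
        if (s.get("team_ids") or s.get("teams_url")) and not s.get(
                "team_ids_attribute_path"):
            findings.append("missing:team_ids_attribute_path")
    # Without strict mode, login is not denied when role extraction fails.
    if s.get("role_attribute_path") and not s.get("role_attribute_strict"):
        findings.append("review:role_attribute_strict")
    if not s.get("use_pkce"):
        findings.append("review:use_pkce")
    return sorted(findings)


# Constructed sample values; idp.example is a placeholder host.
WEAK = {
    "client_id": "grafana",
    "auth_url": "https://idp.example/authorize",
    "token_url": "https://idp.example/token",
    "allowed_groups": "sre,secops",
    "team_ids": "12,34",
    "role_attribute_path": "contains(groups[*], 'sre') && 'Admin' || 'Viewer'",
    "tls_skip_verify_insecure": True,
}
HARDENED = dict(
    WEAK, api_url="https://idp.example/userinfo", groups_attribute_path="groups",
    teams_url="https://idp.example/teams", team_ids_attribute_path="[*].id",
    role_attribute_strict=True, use_pkce=True, tls_skip_verify_insecure=False)

if __name__ == "__main__":
    print(lint_oauth2_settings("generic_oauth", WEAK))
    print(lint_oauth2_settings("generic_oauth", HARDENED))
```

Run it against the same mapping you pass as oauth2_settings so a misconfigured filter or a leftover tls_skip_verify_insecure fails the pipeline before the resource is applied.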
Package Details
- Repository
- grafana pulumiverse/pulumi-grafana
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the grafana Terraform Provider.