Docs
PackagesNomad v2.2.0 published on Wednesday, Mar 13, 2024 by Pulumi
nomad.AclAuthMethod
Explore with Pulumi AI
Manages an ACL Auth Method in Nomad.
Example Usage
Creating an ALC Auth Method:
import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";
const myNomadAclAuthMethod = new nomad.AclAuthMethod("myNomadAclAuthMethod", {
type: "OIDC",
tokenLocality: "global",
maxTokenTtl: "10m0s",
tokenNameFormat: `${auth_method_type}-${value.user}`,
"default": true,
config: {
oidcDiscoveryUrl: "https://uk.auth0.com/",
oidcClientId: "someclientid",
oidcClientSecret: "someclientsecret-t",
boundAudiences: ["someclientid"],
allowedRedirectUris: [
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
listClaimMappings: {
"http://nomad.internal/roles": "roles",
},
},
});
import pulumi
import pulumi_nomad as nomad
my_nomad_acl_auth_method = nomad.AclAuthMethod("myNomadAclAuthMethod",
type="OIDC",
token_locality="global",
max_token_ttl="10m0s",
token_name_format="${auth_method_type}-${value.user}",
default=True,
config=nomad.AclAuthMethodConfigArgs(
oidc_discovery_url="https://uk.auth0.com/",
oidc_client_id="someclientid",
oidc_client_secret="someclientsecret-t",
bound_audiences=["someclientid"],
allowed_redirect_uris=[
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
list_claim_mappings={
"http://nomad.internal/roles": "roles",
},
))
package main
import (
"fmt"
"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := nomad.NewAclAuthMethod(ctx, "myNomadAclAuthMethod", &nomad.AclAuthMethodArgs{
Type: pulumi.String("OIDC"),
TokenLocality: pulumi.String("global"),
MaxTokenTtl: pulumi.String("10m0s"),
TokenNameFormat: pulumi.String(fmt.Sprintf("${auth_method_type}-${value.user}")),
Default: pulumi.Bool(true),
Config: &nomad.AclAuthMethodConfigArgs{
OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
OidcClientId: pulumi.String("someclientid"),
OidcClientSecret: pulumi.String("someclientsecret-t"),
BoundAudiences: pulumi.StringArray{
pulumi.String("someclientid"),
},
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:4649/oidc/callback"),
pulumi.String("http://localhost:4646/ui/settings/tokens"),
},
ListClaimMappings: pulumi.StringMap{
"http://nomad.internal/roles": pulumi.String("roles"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;
return await Deployment.RunAsync(() =>
{
var myNomadAclAuthMethod = new Nomad.AclAuthMethod("myNomadAclAuthMethod", new()
{
Type = "OIDC",
TokenLocality = "global",
MaxTokenTtl = "10m0s",
TokenNameFormat = "${auth_method_type}-${value.user}",
Default = true,
Config = new Nomad.Inputs.AclAuthMethodConfigArgs
{
OidcDiscoveryUrl = "https://uk.auth0.com/",
OidcClientId = "someclientid",
OidcClientSecret = "someclientsecret-t",
BoundAudiences = new[]
{
"someclientid",
},
AllowedRedirectUris = new[]
{
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
},
ListClaimMappings =
{
{ "http://nomad.internal/roles", "roles" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
.type("OIDC")
.tokenLocality("global")
.maxTokenTtl("10m0s")
.tokenNameFormat("${auth_method_type}-${value.user}")
.default_(true)
.config(AclAuthMethodConfigArgs.builder()
.oidcDiscoveryUrl("https://uk.auth0.com/")
.oidcClientId("someclientid")
.oidcClientSecret("someclientsecret-t")
.boundAudiences("someclientid")
.allowedRedirectUris(
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens")
.listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
.build())
.build());
}
}
resources:
myNomadAclAuthMethod:
type: nomad:AclAuthMethod
properties:
type: OIDC
tokenLocality: global
maxTokenTtl: 10m0s
tokenNameFormat: ${auth_method_type}-${value.user}
default: true
config:
oidcDiscoveryUrl: https://uk.auth0.com/
oidcClientId: someclientid
oidcClientSecret: someclientsecret-t
boundAudiences:
- someclientid
allowedRedirectUris:
- http://localhost:4649/oidc/callback
- http://localhost:4646/ui/settings/tokens
listClaimMappings:
http://nomad.internal/roles: roles
Create AclAuthMethod Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);@overload
def AclAuthMethod(resource_name: str,
args: AclAuthMethodArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AclAuthMethod(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
max_token_ttl: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None,
default: Optional[bool] = None,
name: Optional[str] = None,
token_name_format: Optional[str] = None)func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: nomad:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var aclAuthMethodResource = new Nomad.AclAuthMethod("aclAuthMethodResource", new()
{
Config = new Nomad.Inputs.AclAuthMethodConfigArgs
{
AllowedRedirectUris = new[]
{
"string",
},
OidcClientId = "string",
OidcClientSecret = "string",
OidcDiscoveryUrl = "string",
BoundAudiences = new[]
{
"string",
},
ClaimMappings =
{
{ "string", "string" },
},
DiscoveryCaPems = new[]
{
"string",
},
ListClaimMappings =
{
{ "string", "string" },
},
OidcDisableUserinfo = false,
OidcScopes = new[]
{
"string",
},
SigningAlgs = new[]
{
"string",
},
},
MaxTokenTtl = "string",
TokenLocality = "string",
Type = "string",
Default = false,
Name = "string",
TokenNameFormat = "string",
});
example, err := nomad.NewAclAuthMethod(ctx, "aclAuthMethodResource", &nomad.AclAuthMethodArgs{
Config: &nomad.AclAuthMethodConfigArgs{
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
OidcClientId: pulumi.String("string"),
OidcClientSecret: pulumi.String("string"),
OidcDiscoveryUrl: pulumi.String("string"),
BoundAudiences: pulumi.StringArray{
pulumi.String("string"),
},
ClaimMappings: pulumi.StringMap{
"string": pulumi.String("string"),
},
DiscoveryCaPems: pulumi.StringArray{
pulumi.String("string"),
},
ListClaimMappings: pulumi.StringMap{
"string": pulumi.String("string"),
},
OidcDisableUserinfo: pulumi.Bool(false),
OidcScopes: pulumi.StringArray{
pulumi.String("string"),
},
SigningAlgs: pulumi.StringArray{
pulumi.String("string"),
},
},
MaxTokenTtl: pulumi.String("string"),
TokenLocality: pulumi.String("string"),
Type: pulumi.String("string"),
Default: pulumi.Bool(false),
Name: pulumi.String("string"),
TokenNameFormat: pulumi.String("string"),
})
var aclAuthMethodResource = new AclAuthMethod("aclAuthMethodResource", AclAuthMethodArgs.builder()
.config(AclAuthMethodConfigArgs.builder()
.allowedRedirectUris("string")
.oidcClientId("string")
.oidcClientSecret("string")
.oidcDiscoveryUrl("string")
.boundAudiences("string")
.claimMappings(Map.of("string", "string"))
.discoveryCaPems("string")
.listClaimMappings(Map.of("string", "string"))
.oidcDisableUserinfo(false)
.oidcScopes("string")
.signingAlgs("string")
.build())
.maxTokenTtl("string")
.tokenLocality("string")
.type("string")
.default_(false)
.name("string")
.tokenNameFormat("string")
.build());
acl_auth_method_resource = nomad.AclAuthMethod("aclAuthMethodResource",
config=nomad.AclAuthMethodConfigArgs(
allowed_redirect_uris=["string"],
oidc_client_id="string",
oidc_client_secret="string",
oidc_discovery_url="string",
bound_audiences=["string"],
claim_mappings={
"string": "string",
},
discovery_ca_pems=["string"],
list_claim_mappings={
"string": "string",
},
oidc_disable_userinfo=False,
oidc_scopes=["string"],
signing_algs=["string"],
),
max_token_ttl="string",
token_locality="string",
type="string",
default=False,
name="string",
token_name_format="string")
const aclAuthMethodResource = new nomad.AclAuthMethod("aclAuthMethodResource", {
config: {
allowedRedirectUris: ["string"],
oidcClientId: "string",
oidcClientSecret: "string",
oidcDiscoveryUrl: "string",
boundAudiences: ["string"],
claimMappings: {
string: "string",
},
discoveryCaPems: ["string"],
listClaimMappings: {
string: "string",
},
oidcDisableUserinfo: false,
oidcScopes: ["string"],
signingAlgs: ["string"],
},
maxTokenTtl: "string",
tokenLocality: "string",
type: "string",
"default": false,
name: "string",
tokenNameFormat: "string",
});
type: nomad:AclAuthMethod
properties:
config:
allowedRedirectUris:
- string
boundAudiences:
- string
claimMappings:
string: string
discoveryCaPems:
- string
listClaimMappings:
string: string
oidcClientId: string
oidcClientSecret: string
oidcDisableUserinfo: false
oidcDiscoveryUrl: string
oidcScopes:
- string
signingAlgs:
- string
default: false
maxTokenTtl: string
name: string
tokenLocality: string
tokenNameFormat: string
type: string
AclAuthMethod Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AclAuthMethod resource accepts the following input properties:
- Config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- Config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name string
(string: <required>)- The identifier of the ACL Auth Method.- token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name str
(string: <required>)- The identifier of the ACL Auth Method.- token_
name_ strformat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config Property Map
(block: <required>)- Configuration specific to the auth method provider.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
Outputs
All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AclAuthMethod Resource
Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
default: Optional[bool] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
token_locality: Optional[str] = None,
token_name_format: Optional[str] = None,
type: Optional[str] = None) -> AclAuthMethodfunc GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- Config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name string
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name str
(string: <required>)- The identifier of the ACL Auth Method.- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token_
name_ strformat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config Property Map
(block: <required>)- Configuration specific to the auth method provider.- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
Supporting Types
AclAuthMethodConfig, AclAuthMethodConfigArgs
- Allowed
Redirect List<string>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- Oidc
Client stringId (string: <required>)- The OAuth Client ID configured with the OIDC provider.- Oidc
Client stringSecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- Oidc
Discovery stringUrl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- Bound
Audiences List<string> ([]string: <optional>)- List of auth claims that are valid for login.- Claim
Mappings Dictionary<string, string> (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- Discovery
Ca List<string>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- List
Claim Dictionary<string, string>Mappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- Oidc
Disable boolUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- Oidc
Scopes List<string> ([]string: <optional>)- List of OIDC scopes.- Signing
Algs List<string> ([]string: <optional>)- A list of supported signing algorithms.
- Allowed
Redirect []stringUris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- Oidc
Client stringId (string: <required>)- The OAuth Client ID configured with the OIDC provider.- Oidc
Client stringSecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- Oidc
Discovery stringUrl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- Bound
Audiences []string ([]string: <optional>)- List of auth claims that are valid for login.- Claim
Mappings map[string]string (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- Discovery
Ca []stringPems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- List
Claim map[string]stringMappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- Oidc
Disable boolUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- Oidc
Scopes []string ([]string: <optional>)- List of OIDC scopes.- Signing
Algs []string ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect List<String>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- oidc
Client StringId (string: <required>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client StringSecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Discovery StringUrl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- bound
Audiences List<String> ([]string: <optional>)- List of auth claims that are valid for login.- claim
Mappings Map<String,String> (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- discovery
Ca List<String>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- list
Claim Map<String,String>Mappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- oidc
Disable BooleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Scopes List<String> ([]string: <optional>)- List of OIDC scopes.- signing
Algs List<String> ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect string[]Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- oidc
Client stringId (string: <required>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client stringSecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Discovery stringUrl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- bound
Audiences string[] ([]string: <optional>)- List of auth claims that are valid for login.- claim
Mappings {[key: string]: string} (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- discovery
Ca string[]Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- list
Claim {[key: string]: string}Mappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- oidc
Disable booleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Scopes string[] ([]string: <optional>)- List of OIDC scopes.- signing
Algs string[] ([]string: <optional>)- A list of supported signing algorithms.
- allowed_
redirect_ Sequence[str]uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- oidc_
client_ strid (string: <required>)- The OAuth Client ID configured with the OIDC provider.- oidc_
client_ strsecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- oidc_
discovery_ strurl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- bound_
audiences Sequence[str] ([]string: <optional>)- List of auth claims that are valid for login.- claim_
mappings Mapping[str, str] (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- discovery_
ca_ Sequence[str]pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- list_
claim_ Mapping[str, str]mappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- oidc_
disable_ booluserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc_
scopes Sequence[str] ([]string: <optional>)- List of OIDC scopes.- signing_
algs Sequence[str] ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect List<String>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- oidc
Client StringId (string: <required>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client StringSecret (string: <required>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Discovery StringUrl (string: <required>)- The OIDC Discovery URL, without any .well-known component (base path).- bound
Audiences List<String> ([]string: <optional>)- List of auth claims that are valid for login.- claim
Mappings Map<String> (map[string]string: <optional>)- Mappings of claims (key) that will be copied to a metadata field (value).- discovery
Ca List<String>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- list
Claim Map<String>Mappings (map[string]string: <optional>)- Mappings of list claims (key) that will be copied to a metadata field (value).- oidc
Disable BooleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Scopes List<String> ([]string: <optional>)- List of OIDC scopes.- signing
Algs List<String> ([]string: <optional>)- A list of supported signing algorithms.
Package Details
- Repository
- HashiCorp Nomad pulumi/pulumi-nomad
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
nomadTerraform Provider.