Docs
Packagesnomad.AclAuthMethod
Explore with Pulumi AI
Manages an ACL Auth Method in Nomad.
Example Usage
Creating an ALC Auth Method
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;
return await Deployment.RunAsync(() =>
{
var myNomadAclAuthMethod = new Nomad.AclAuthMethod("myNomadAclAuthMethod", new()
{
Type = "OIDC",
TokenLocality = "global",
MaxTokenTtl = "10m0s",
Default = true,
Config = new Nomad.Inputs.AclAuthMethodConfigArgs
{
OidcDiscoveryUrl = "https://uk.auth0.com/",
OidcClientId = "someclientid",
OidcClientSecret = "someclientsecret-t",
BoundAudiences = new[]
{
"someclientid",
},
AllowedRedirectUris = new[]
{
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
},
ListClaimMappings =
{
{ "http://nomad.internal/roles", "roles" },
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := nomad.NewAclAuthMethod(ctx, "myNomadAclAuthMethod", &nomad.AclAuthMethodArgs{
Type: pulumi.String("OIDC"),
TokenLocality: pulumi.String("global"),
MaxTokenTtl: pulumi.String("10m0s"),
Default: pulumi.Bool(true),
Config: &nomad.AclAuthMethodConfigArgs{
OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
OidcClientId: pulumi.String("someclientid"),
OidcClientSecret: pulumi.String("someclientsecret-t"),
BoundAudiences: pulumi.StringArray{
pulumi.String("someclientid"),
},
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:4649/oidc/callback"),
pulumi.String("http://localhost:4646/ui/settings/tokens"),
},
ListClaimMappings: pulumi.StringMap{
"http://nomad.internal/roles": pulumi.String("roles"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
.type("OIDC")
.tokenLocality("global")
.maxTokenTtl("10m0s")
.default_(true)
.config(AclAuthMethodConfigArgs.builder()
.oidcDiscoveryUrl("https://uk.auth0.com/")
.oidcClientId("someclientid")
.oidcClientSecret("someclientsecret-t")
.boundAudiences("someclientid")
.allowedRedirectUris(
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens")
.listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
.build())
.build());
}
}
import pulumi
import pulumi_nomad as nomad
my_nomad_acl_auth_method = nomad.AclAuthMethod("myNomadAclAuthMethod",
type="OIDC",
token_locality="global",
max_token_ttl="10m0s",
default=True,
config=nomad.AclAuthMethodConfigArgs(
oidc_discovery_url="https://uk.auth0.com/",
oidc_client_id="someclientid",
oidc_client_secret="someclientsecret-t",
bound_audiences=["someclientid"],
allowed_redirect_uris=[
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
list_claim_mappings={
"http://nomad.internal/roles": "roles",
},
))
import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";
const myNomadAclAuthMethod = new nomad.AclAuthMethod("myNomadAclAuthMethod", {
type: "OIDC",
tokenLocality: "global",
maxTokenTtl: "10m0s",
"default": true,
config: {
oidcDiscoveryUrl: "https://uk.auth0.com/",
oidcClientId: "someclientid",
oidcClientSecret: "someclientsecret-t",
boundAudiences: ["someclientid"],
allowedRedirectUris: [
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
listClaimMappings: {
"http://nomad.internal/roles": "roles",
},
},
});
resources:
myNomadAclAuthMethod:
type: nomad:AclAuthMethod
properties:
type: OIDC
tokenLocality: global
maxTokenTtl: 10m0s
default: true
config:
oidcDiscoveryUrl: https://uk.auth0.com/
oidcClientId: someclientid
oidcClientSecret: someclientsecret-t
boundAudiences:
- someclientid
allowedRedirectUris:
- http://localhost:4649/oidc/callback
- http://localhost:4646/ui/settings/tokens
listClaimMappings:
http://nomad.internal/roles: roles
Create AclAuthMethod Resource
new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);@overload
def AclAuthMethod(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
default: Optional[bool] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None)
@overload
def AclAuthMethod(resource_name: str,
args: AclAuthMethodArgs,
opts: Optional[ResourceOptions] = None)func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: nomad:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AclAuthMethod Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AclAuthMethod resource accepts the following input properties:
- Config
Acl
Auth Method Config Configuration specific to the auth method provider.
- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.
- Config
Acl
Auth Method Config Args Configuration specific to the auth method provider.
- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.
- config
Acl
Auth Method Config Configuration specific to the auth method provider.
- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.
- config
Acl
Auth Method Config Configuration specific to the auth method provider.
- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name string
(string: <required>)- The identifier of the ACL Auth Method.
- config
Acl
Auth Method Config Args Configuration specific to the auth method provider.
- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name str
(string: <required>)- The identifier of the ACL Auth Method.
- config Property Map
Configuration specific to the auth method provider.
- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.
Outputs
All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AclAuthMethod Resource
Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
default: Optional[bool] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None) -> AclAuthMethodfunc GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Acl
Auth Method Config Configuration specific to the auth method provider.
- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- Config
Acl
Auth Method Config Args Configuration specific to the auth method provider.
- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config Configuration specific to the auth method provider.
- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config Configuration specific to the auth method provider.
- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name string
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config
Acl
Auth Method Config Args Configuration specific to the auth method provider.
- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name str
(string: <required>)- The identifier of the ACL Auth Method.- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
- config Property Map
Configuration specific to the auth method provider.
- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Currently, the only supported type isOIDC.
Supporting Types
AclAuthMethodConfig, AclAuthMethodConfigArgs
- Allowed
Redirect List<string>Uris - Oidc
Client stringId - Oidc
Client stringSecret - Oidc
Discovery stringUrl - Bound
Audiences List<string> - Claim
Mappings Dictionary<string, string> - Discovery
Ca List<string>Pems - List
Claim Dictionary<string, string>Mappings - Oidc
Scopes List<string> - Signing
Algs List<string>
- Allowed
Redirect []stringUris - Oidc
Client stringId - Oidc
Client stringSecret - Oidc
Discovery stringUrl - Bound
Audiences []string - Claim
Mappings map[string]string - Discovery
Ca []stringPems - List
Claim map[string]stringMappings - Oidc
Scopes []string - Signing
Algs []string
- allowed
Redirect List<String>Uris - oidc
Client StringId - oidc
Client StringSecret - oidc
Discovery StringUrl - bound
Audiences List<String> - claim
Mappings Map<String,String> - discovery
Ca List<String>Pems - list
Claim Map<String,String>Mappings - oidc
Scopes List<String> - signing
Algs List<String>
- allowed
Redirect string[]Uris - oidc
Client stringId - oidc
Client stringSecret - oidc
Discovery stringUrl - bound
Audiences string[] - claim
Mappings {[key: string]: string} - discovery
Ca string[]Pems - list
Claim {[key: string]: string}Mappings - oidc
Scopes string[] - signing
Algs string[]
- allowed_
redirect_ Sequence[str]uris - oidc_
client_ strid - oidc_
client_ strsecret - oidc_
discovery_ strurl - bound_
audiences Sequence[str] - claim_
mappings Mapping[str, str] - discovery_
ca_ Sequence[str]pems - list_
claim_ Mapping[str, str]mappings - oidc_
scopes Sequence[str] - signing_
algs Sequence[str]
- allowed
Redirect List<String>Uris - oidc
Client StringId - oidc
Client StringSecret - oidc
Discovery StringUrl - bound
Audiences List<String> - claim
Mappings Map<String> - discovery
Ca List<String>Pems - list
Claim Map<String>Mappings - oidc
Scopes List<String> - signing
Algs List<String>
Package Details
- Repository
- HashiCorp Nomad pulumi/pulumi-nomad
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
nomadTerraform Provider.