1. Packages
  2. HashiCorp Nomad
  3. API Docs
  4. AclAuthMethod
Nomad v2.0.0 published on Wednesday, Sep 13, 2023 by Pulumi

nomad.AclAuthMethod

Explore with Pulumi AI

nomad logo
Nomad v2.0.0 published on Wednesday, Sep 13, 2023 by Pulumi

    Manages an ACL Auth Method in Nomad.

    Example Usage

    Creating an ALC Auth Method

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Nomad = Pulumi.Nomad;
    
    return await Deployment.RunAsync(() => 
    {
        var myNomadAclAuthMethod = new Nomad.AclAuthMethod("myNomadAclAuthMethod", new()
        {
            Type = "OIDC",
            TokenLocality = "global",
            MaxTokenTtl = "10m0s",
            Default = true,
            Config = new Nomad.Inputs.AclAuthMethodConfigArgs
            {
                OidcDiscoveryUrl = "https://uk.auth0.com/",
                OidcClientId = "someclientid",
                OidcClientSecret = "someclientsecret-t",
                BoundAudiences = new[]
                {
                    "someclientid",
                },
                AllowedRedirectUris = new[]
                {
                    "http://localhost:4649/oidc/callback",
                    "http://localhost:4646/ui/settings/tokens",
                },
                ListClaimMappings = 
                {
                    { "http://nomad.internal/roles", "roles" },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := nomad.NewAclAuthMethod(ctx, "myNomadAclAuthMethod", &nomad.AclAuthMethodArgs{
    			Type:          pulumi.String("OIDC"),
    			TokenLocality: pulumi.String("global"),
    			MaxTokenTtl:   pulumi.String("10m0s"),
    			Default:       pulumi.Bool(true),
    			Config: &nomad.AclAuthMethodConfigArgs{
    				OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
    				OidcClientId:     pulumi.String("someclientid"),
    				OidcClientSecret: pulumi.String("someclientsecret-t"),
    				BoundAudiences: pulumi.StringArray{
    					pulumi.String("someclientid"),
    				},
    				AllowedRedirectUris: pulumi.StringArray{
    					pulumi.String("http://localhost:4649/oidc/callback"),
    					pulumi.String("http://localhost:4646/ui/settings/tokens"),
    				},
    				ListClaimMappings: pulumi.StringMap{
    					"http://nomad.internal/roles": pulumi.String("roles"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.nomad.AclAuthMethod;
    import com.pulumi.nomad.AclAuthMethodArgs;
    import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()        
                .type("OIDC")
                .tokenLocality("global")
                .maxTokenTtl("10m0s")
                .default_(true)
                .config(AclAuthMethodConfigArgs.builder()
                    .oidcDiscoveryUrl("https://uk.auth0.com/")
                    .oidcClientId("someclientid")
                    .oidcClientSecret("someclientsecret-t")
                    .boundAudiences("someclientid")
                    .allowedRedirectUris(                
                        "http://localhost:4649/oidc/callback",
                        "http://localhost:4646/ui/settings/tokens")
                    .listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_nomad as nomad
    
    my_nomad_acl_auth_method = nomad.AclAuthMethod("myNomadAclAuthMethod",
        type="OIDC",
        token_locality="global",
        max_token_ttl="10m0s",
        default=True,
        config=nomad.AclAuthMethodConfigArgs(
            oidc_discovery_url="https://uk.auth0.com/",
            oidc_client_id="someclientid",
            oidc_client_secret="someclientsecret-t",
            bound_audiences=["someclientid"],
            allowed_redirect_uris=[
                "http://localhost:4649/oidc/callback",
                "http://localhost:4646/ui/settings/tokens",
            ],
            list_claim_mappings={
                "http://nomad.internal/roles": "roles",
            },
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as nomad from "@pulumi/nomad";
    
    const myNomadAclAuthMethod = new nomad.AclAuthMethod("myNomadAclAuthMethod", {
        type: "OIDC",
        tokenLocality: "global",
        maxTokenTtl: "10m0s",
        "default": true,
        config: {
            oidcDiscoveryUrl: "https://uk.auth0.com/",
            oidcClientId: "someclientid",
            oidcClientSecret: "someclientsecret-t",
            boundAudiences: ["someclientid"],
            allowedRedirectUris: [
                "http://localhost:4649/oidc/callback",
                "http://localhost:4646/ui/settings/tokens",
            ],
            listClaimMappings: {
                "http://nomad.internal/roles": "roles",
            },
        },
    });
    
    resources:
      myNomadAclAuthMethod:
        type: nomad:AclAuthMethod
        properties:
          type: OIDC
          tokenLocality: global
          maxTokenTtl: 10m0s
          default: true
          config:
            oidcDiscoveryUrl: https://uk.auth0.com/
            oidcClientId: someclientid
            oidcClientSecret: someclientsecret-t
            boundAudiences:
              - someclientid
            allowedRedirectUris:
              - http://localhost:4649/oidc/callback
              - http://localhost:4646/ui/settings/tokens
            listClaimMappings:
              http://nomad.internal/roles: roles
    

    Create AclAuthMethod Resource

    new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);
    @overload
    def AclAuthMethod(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      config: Optional[AclAuthMethodConfigArgs] = None,
                      default: Optional[bool] = None,
                      max_token_ttl: Optional[str] = None,
                      name: Optional[str] = None,
                      token_locality: Optional[str] = None,
                      type: Optional[str] = None)
    @overload
    def AclAuthMethod(resource_name: str,
                      args: AclAuthMethodArgs,
                      opts: Optional[ResourceOptions] = None)
    func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)
    public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
    public AclAuthMethod(String name, AclAuthMethodArgs args)
    public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
    
    type: nomad:AclAuthMethod
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AclAuthMethodArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AclAuthMethodArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AclAuthMethodArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AclAuthMethodArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AclAuthMethodArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AclAuthMethod Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AclAuthMethod resource accepts the following input properties:

    Config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    MaxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    TokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    Type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    Default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    Name string

    (string: <required>) - The identifier of the ACL Auth Method.

    Config AclAuthMethodConfigArgs

    Configuration specific to the auth method provider.

    MaxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    TokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    Type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    Default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    Name string

    (string: <required>) - The identifier of the ACL Auth Method.

    config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    maxTokenTtl String

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    tokenLocality String

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type String

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    default_ Boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    name String

    (string: <required>) - The identifier of the ACL Auth Method.

    config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    maxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    tokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    default boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    name string

    (string: <required>) - The identifier of the ACL Auth Method.

    config AclAuthMethodConfigArgs

    Configuration specific to the auth method provider.

    max_token_ttl str

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    token_locality str

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type str

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    name str

    (string: <required>) - The identifier of the ACL Auth Method.

    config Property Map

    Configuration specific to the auth method provider.

    maxTokenTtl String

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    tokenLocality String

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type String

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    default Boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    name String

    (string: <required>) - The identifier of the ACL Auth Method.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing AclAuthMethod Resource

    Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            config: Optional[AclAuthMethodConfigArgs] = None,
            default: Optional[bool] = None,
            max_token_ttl: Optional[str] = None,
            name: Optional[str] = None,
            token_locality: Optional[str] = None,
            type: Optional[str] = None) -> AclAuthMethod
    func GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)
    public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)
    public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    Default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    MaxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    Name string

    (string: <required>) - The identifier of the ACL Auth Method.

    TokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    Type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    Config AclAuthMethodConfigArgs

    Configuration specific to the auth method provider.

    Default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    MaxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    Name string

    (string: <required>) - The identifier of the ACL Auth Method.

    TokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    Type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    default_ Boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    maxTokenTtl String

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    name String

    (string: <required>) - The identifier of the ACL Auth Method.

    tokenLocality String

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type String

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    config AclAuthMethodConfig

    Configuration specific to the auth method provider.

    default boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    maxTokenTtl string

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    name string

    (string: <required>) - The identifier of the ACL Auth Method.

    tokenLocality string

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type string

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    config AclAuthMethodConfigArgs

    Configuration specific to the auth method provider.

    default bool

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    max_token_ttl str

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    name str

    (string: <required>) - The identifier of the ACL Auth Method.

    token_locality str

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type str

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    config Property Map

    Configuration specific to the auth method provider.

    default Boolean

    (bool: false) - Defines whether this ACL Auth Method is to be set as default.

    maxTokenTtl String

    (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

    name String

    (string: <required>) - The identifier of the ACL Auth Method.

    tokenLocality String

    (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

    type String

    (string: <required>) - ACL Auth Method SSO workflow type. Currently, the only supported type is OIDC.

    Supporting Types

    AclAuthMethodConfig, AclAuthMethodConfigArgs

    AllowedRedirectUris List<string>
    OidcClientId string
    OidcClientSecret string
    OidcDiscoveryUrl string
    BoundAudiences List<string>
    ClaimMappings Dictionary<string, string>
    DiscoveryCaPems List<string>
    ListClaimMappings Dictionary<string, string>
    OidcScopes List<string>
    SigningAlgs List<string>
    AllowedRedirectUris []string
    OidcClientId string
    OidcClientSecret string
    OidcDiscoveryUrl string
    BoundAudiences []string
    ClaimMappings map[string]string
    DiscoveryCaPems []string
    ListClaimMappings map[string]string
    OidcScopes []string
    SigningAlgs []string
    allowedRedirectUris List<String>
    oidcClientId String
    oidcClientSecret String
    oidcDiscoveryUrl String
    boundAudiences List<String>
    claimMappings Map<String,String>
    discoveryCaPems List<String>
    listClaimMappings Map<String,String>
    oidcScopes List<String>
    signingAlgs List<String>
    allowedRedirectUris string[]
    oidcClientId string
    oidcClientSecret string
    oidcDiscoveryUrl string
    boundAudiences string[]
    claimMappings {[key: string]: string}
    discoveryCaPems string[]
    listClaimMappings {[key: string]: string}
    oidcScopes string[]
    signingAlgs string[]
    allowed_redirect_uris Sequence[str]
    oidc_client_id str
    oidc_client_secret str
    oidc_discovery_url str
    bound_audiences Sequence[str]
    claim_mappings Mapping[str, str]
    discovery_ca_pems Sequence[str]
    list_claim_mappings Mapping[str, str]
    oidc_scopes Sequence[str]
    signing_algs Sequence[str]
    allowedRedirectUris List<String>
    oidcClientId String
    oidcClientSecret String
    oidcDiscoveryUrl String
    boundAudiences List<String>
    claimMappings Map<String>
    discoveryCaPems List<String>
    listClaimMappings Map<String>
    oidcScopes List<String>
    signingAlgs List<String>

    Package Details

    Repository
    HashiCorp Nomad pulumi/pulumi-nomad
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the nomad Terraform Provider.

    nomad logo
    Nomad v2.0.0 published on Wednesday, Sep 13, 2023 by Pulumi