Nomad v2.3.0, Jun 5 24

Nomad v2.3.0 published on Wednesday, Jun 5, 2024 by Pulumi

nomad.AclAuthMethod

Explore with Pulumi AI

Nomad v2.3.0 published on Wednesday, Jun 5, 2024 by Pulumi

pulumi/pulumi-nomad

Example Usage

Creating an ALC Auth Method:

import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";

const myNomadAclAuthMethod = new nomad.AclAuthMethod("my_nomad_acl_auth_method", {
    name: "my-nomad-acl-auth-method",
    type: "OIDC",
    tokenLocality: "global",
    maxTokenTtl: "10m0s",
    tokenNameFormat: `${auth_method_type}-${value.user}`,
    "default": true,
    config: {
        oidcDiscoveryUrl: "https://uk.auth0.com/",
        oidcClientId: "someclientid",
        oidcClientSecret: "someclientsecret-t",
        boundAudiences: ["someclientid"],
        allowedRedirectUris: [
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        listClaimMappings: {
            "http://nomad.internal/roles": "roles",
        },
    },
});

import pulumi
import pulumi_nomad as nomad

my_nomad_acl_auth_method = nomad.AclAuthMethod("my_nomad_acl_auth_method",
    name="my-nomad-acl-auth-method",
    type="OIDC",
    token_locality="global",
    max_token_ttl="10m0s",
    token_name_format="${auth_method_type}-${value.user}",
    default=True,
    config=nomad.AclAuthMethodConfigArgs(
        oidc_discovery_url="https://uk.auth0.com/",
        oidc_client_id="someclientid",
        oidc_client_secret="someclientsecret-t",
        bound_audiences=["someclientid"],
        allowed_redirect_uris=[
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        list_claim_mappings={
            "http://nomad.internal/roles": "roles",
        },
    ))

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := nomad.NewAclAuthMethod(ctx, "my_nomad_acl_auth_method", &nomad.AclAuthMethodArgs{
			Name:            pulumi.String("my-nomad-acl-auth-method"),
			Type:            pulumi.String("OIDC"),
			TokenLocality:   pulumi.String("global"),
			MaxTokenTtl:     pulumi.String("10m0s"),
			TokenNameFormat: pulumi.String(fmt.Sprintf("${auth_method_type}-${value.user}")),
			Default:         pulumi.Bool(true),
			Config: &nomad.AclAuthMethodConfigArgs{
				OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
				OidcClientId:     pulumi.String("someclientid"),
				OidcClientSecret: pulumi.String("someclientsecret-t"),
				BoundAudiences: pulumi.StringArray{
					pulumi.String("someclientid"),
				},
				AllowedRedirectUris: pulumi.StringArray{
					pulumi.String("http://localhost:4649/oidc/callback"),
					pulumi.String("http://localhost:4646/ui/settings/tokens"),
				},
				ListClaimMappings: pulumi.StringMap{
					"http://nomad.internal/roles": pulumi.String("roles"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;

return await Deployment.RunAsync(() => 
{
    var myNomadAclAuthMethod = new Nomad.AclAuthMethod("my_nomad_acl_auth_method", new()
    {
        Name = "my-nomad-acl-auth-method",
        Type = "OIDC",
        TokenLocality = "global",
        MaxTokenTtl = "10m0s",
        TokenNameFormat = "${auth_method_type}-${value.user}",
        Default = true,
        Config = new Nomad.Inputs.AclAuthMethodConfigArgs
        {
            OidcDiscoveryUrl = "https://uk.auth0.com/",
            OidcClientId = "someclientid",
            OidcClientSecret = "someclientsecret-t",
            BoundAudiences = new[]
            {
                "someclientid",
            },
            AllowedRedirectUris = new[]
            {
                "http://localhost:4649/oidc/callback",
                "http://localhost:4646/ui/settings/tokens",
            },
            ListClaimMappings = 
            {
                { "http://nomad.internal/roles", "roles" },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
            .name("my-nomad-acl-auth-method")
            .type("OIDC")
            .tokenLocality("global")
            .maxTokenTtl("10m0s")
            .tokenNameFormat("${auth_method_type}-${value.user}")
            .default_(true)
            .config(AclAuthMethodConfigArgs.builder()
                .oidcDiscoveryUrl("https://uk.auth0.com/")
                .oidcClientId("someclientid")
                .oidcClientSecret("someclientsecret-t")
                .boundAudiences("someclientid")
                .allowedRedirectUris(                
                    "http://localhost:4649/oidc/callback",
                    "http://localhost:4646/ui/settings/tokens")
                .listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
                .build())
            .build());

    }
}

resources:
  myNomadAclAuthMethod:
    type: nomad:AclAuthMethod
    name: my_nomad_acl_auth_method
    properties:
      name: my-nomad-acl-auth-method
      type: OIDC
      tokenLocality: global
      maxTokenTtl: 10m0s
      tokenNameFormat: ${auth_method_type}-${value.user}
      default: true
      config:
        oidcDiscoveryUrl: https://uk.auth0.com/
        oidcClientId: someclientid
        oidcClientSecret: someclientsecret-t
        boundAudiences:
          - someclientid
        allowedRedirectUris:
          - http://localhost:4649/oidc/callback
          - http://localhost:4646/ui/settings/tokens
        listClaimMappings:
          http://nomad.internal/roles: roles

Create AclAuthMethod Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);

@overload
def AclAuthMethod(resource_name: str,
                  args: AclAuthMethodArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def AclAuthMethod(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  config: Optional[AclAuthMethodConfigArgs] = None,
                  max_token_ttl: Optional[str] = None,
                  token_locality: Optional[str] = None,
                  type: Optional[str] = None,
                  default: Optional[bool] = None,
                  name: Optional[str] = None,
                  token_name_format: Optional[str] = None)

func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)

public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)

public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)

type: nomad:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AclAuthMethodArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AclAuthMethodArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AclAuthMethodArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AclAuthMethodArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AclAuthMethodArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var aclAuthMethodResource = new Nomad.AclAuthMethod("aclAuthMethodResource", new()
{
    Config = new Nomad.Inputs.AclAuthMethodConfigArgs
    {
        AllowedRedirectUris = new[]
        {
            "string",
        },
        BoundAudiences = new[]
        {
            "string",
        },
        BoundIssuers = new[]
        {
            "string",
        },
        ClaimMappings = 
        {
            { "string", "string" },
        },
        ClockSkewLeeway = "string",
        DiscoveryCaPems = new[]
        {
            "string",
        },
        ExpirationLeeway = "string",
        JwksCaCert = "string",
        JwksUrl = "string",
        JwtValidationPubKeys = new[]
        {
            "string",
        },
        ListClaimMappings = 
        {
            { "string", "string" },
        },
        NotBeforeLeeway = "string",
        OidcClientId = "string",
        OidcClientSecret = "string",
        OidcDisableUserinfo = false,
        OidcDiscoveryUrl = "string",
        OidcScopes = new[]
        {
            "string",
        },
        SigningAlgs = new[]
        {
            "string",
        },
    },
    MaxTokenTtl = "string",
    TokenLocality = "string",
    Type = "string",
    Default = false,
    Name = "string",
    TokenNameFormat = "string",
});

example, err := nomad.NewAclAuthMethod(ctx, "aclAuthMethodResource", &nomad.AclAuthMethodArgs{
	Config: &nomad.AclAuthMethodConfigArgs{
		AllowedRedirectUris: pulumi.StringArray{
			pulumi.String("string"),
		},
		BoundAudiences: pulumi.StringArray{
			pulumi.String("string"),
		},
		BoundIssuers: pulumi.StringArray{
			pulumi.String("string"),
		},
		ClaimMappings: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		ClockSkewLeeway: pulumi.String("string"),
		DiscoveryCaPems: pulumi.StringArray{
			pulumi.String("string"),
		},
		ExpirationLeeway: pulumi.String("string"),
		JwksCaCert:       pulumi.String("string"),
		JwksUrl:          pulumi.String("string"),
		JwtValidationPubKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
		ListClaimMappings: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		NotBeforeLeeway:     pulumi.String("string"),
		OidcClientId:        pulumi.String("string"),
		OidcClientSecret:    pulumi.String("string"),
		OidcDisableUserinfo: pulumi.Bool(false),
		OidcDiscoveryUrl:    pulumi.String("string"),
		OidcScopes: pulumi.StringArray{
			pulumi.String("string"),
		},
		SigningAlgs: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	MaxTokenTtl:     pulumi.String("string"),
	TokenLocality:   pulumi.String("string"),
	Type:            pulumi.String("string"),
	Default:         pulumi.Bool(false),
	Name:            pulumi.String("string"),
	TokenNameFormat: pulumi.String("string"),
})

var aclAuthMethodResource = new AclAuthMethod("aclAuthMethodResource", AclAuthMethodArgs.builder()
    .config(AclAuthMethodConfigArgs.builder()
        .allowedRedirectUris("string")
        .boundAudiences("string")
        .boundIssuers("string")
        .claimMappings(Map.of("string", "string"))
        .clockSkewLeeway("string")
        .discoveryCaPems("string")
        .expirationLeeway("string")
        .jwksCaCert("string")
        .jwksUrl("string")
        .jwtValidationPubKeys("string")
        .listClaimMappings(Map.of("string", "string"))
        .notBeforeLeeway("string")
        .oidcClientId("string")
        .oidcClientSecret("string")
        .oidcDisableUserinfo(false)
        .oidcDiscoveryUrl("string")
        .oidcScopes("string")
        .signingAlgs("string")
        .build())
    .maxTokenTtl("string")
    .tokenLocality("string")
    .type("string")
    .default_(false)
    .name("string")
    .tokenNameFormat("string")
    .build());

acl_auth_method_resource = nomad.AclAuthMethod("aclAuthMethodResource",
    config=nomad.AclAuthMethodConfigArgs(
        allowed_redirect_uris=["string"],
        bound_audiences=["string"],
        bound_issuers=["string"],
        claim_mappings={
            "string": "string",
        },
        clock_skew_leeway="string",
        discovery_ca_pems=["string"],
        expiration_leeway="string",
        jwks_ca_cert="string",
        jwks_url="string",
        jwt_validation_pub_keys=["string"],
        list_claim_mappings={
            "string": "string",
        },
        not_before_leeway="string",
        oidc_client_id="string",
        oidc_client_secret="string",
        oidc_disable_userinfo=False,
        oidc_discovery_url="string",
        oidc_scopes=["string"],
        signing_algs=["string"],
    ),
    max_token_ttl="string",
    token_locality="string",
    type="string",
    default=False,
    name="string",
    token_name_format="string")

const aclAuthMethodResource = new nomad.AclAuthMethod("aclAuthMethodResource", {
    config: {
        allowedRedirectUris: ["string"],
        boundAudiences: ["string"],
        boundIssuers: ["string"],
        claimMappings: {
            string: "string",
        },
        clockSkewLeeway: "string",
        discoveryCaPems: ["string"],
        expirationLeeway: "string",
        jwksCaCert: "string",
        jwksUrl: "string",
        jwtValidationPubKeys: ["string"],
        listClaimMappings: {
            string: "string",
        },
        notBeforeLeeway: "string",
        oidcClientId: "string",
        oidcClientSecret: "string",
        oidcDisableUserinfo: false,
        oidcDiscoveryUrl: "string",
        oidcScopes: ["string"],
        signingAlgs: ["string"],
    },
    maxTokenTtl: "string",
    tokenLocality: "string",
    type: "string",
    "default": false,
    name: "string",
    tokenNameFormat: "string",
});

type: nomad:AclAuthMethod
properties:
    config:
        allowedRedirectUris:
            - string
        boundAudiences:
            - string
        boundIssuers:
            - string
        claimMappings:
            string: string
        clockSkewLeeway: string
        discoveryCaPems:
            - string
        expirationLeeway: string
        jwksCaCert: string
        jwksUrl: string
        jwtValidationPubKeys:
            - string
        listClaimMappings:
            string: string
        notBeforeLeeway: string
        oidcClientId: string
        oidcClientSecret: string
        oidcDisableUserinfo: false
        oidcDiscoveryUrl: string
        oidcScopes:
            - string
        signingAlgs:
            - string
    default: false
    maxTokenTtl: string
    name: string
    tokenLocality: string
    tokenNameFormat: string
    type: string

AclAuthMethod Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AclAuthMethod resource accepts the following input properties:

Config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
MaxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
TokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
Type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
Default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
Name string: (string: <required>) - The identifier of the ACL Auth Method.
TokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

Config AclAuthMethodConfigArgs: (block: <required>) - Configuration specific to the auth method provider.
MaxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
TokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
Type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
Default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
Name string: (string: <required>) - The identifier of the ACL Auth Method.
TokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl String: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality String: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type String: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
default_ Boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
name String: (string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat String: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
default boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
name string: (string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

config AclAuthMethodConfigArgs: (block: <required>) - Configuration specific to the auth method provider.
max_token_ttl str: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
token_locality str: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type str: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
name str: (string: <required>) - The identifier of the ACL Auth Method.
token_name_format str: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

config Property Map: (block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl String: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality String: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type String: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.
default Boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
name String: (string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat String: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.

Outputs

All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing AclAuthMethod Resource

Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[AclAuthMethodConfigArgs] = None,
        default: Optional[bool] = None,
        max_token_ttl: Optional[str] = None,
        name: Optional[str] = None,
        token_locality: Optional[str] = None,
        token_name_format: Optional[str] = None,
        type: Optional[str] = None) -> AclAuthMethod

func GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)

public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)

public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
Default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
MaxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
Name string: (string: <required>) - The identifier of the ACL Auth Method.
TokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
TokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
Type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

Config AclAuthMethodConfigArgs: (block: <required>) - Configuration specific to the auth method provider.
Default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
MaxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
Name string: (string: <required>) - The identifier of the ACL Auth Method.
TokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
TokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
Type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
default_ Boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl String: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name String: (string: <required>) - The identifier of the ACL Auth Method.
tokenLocality String: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat String: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
type String: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

config AclAuthMethodConfig: (block: <required>) - Configuration specific to the auth method provider.
default boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl string: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name string: (string: <required>) - The identifier of the ACL Auth Method.
tokenLocality string: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat string: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
type string: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

config AclAuthMethodConfigArgs: (block: <required>) - Configuration specific to the auth method provider.
default bool: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
max_token_ttl str: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name str: (string: <required>) - The identifier of the ACL Auth Method.
token_locality str: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
token_name_format str: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
type str: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

config Property Map: (block: <required>) - Configuration specific to the auth method provider.
default Boolean: (bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl String: (string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name String: (string: <required>) - The identifier of the ACL Auth Method.
tokenLocality String: (string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat String: (string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
type String: (string: <required>) - ACL Auth Method SSO workflow type. Valid values, are OIDC and JWT.

Supporting Types

AclAuthMethodConfig, AclAuthMethodConfigArgs

AllowedRedirectUris List<string>: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
BoundAudiences List<string>: ([]string: <optional>) - List of auth claims that are valid for login.
BoundIssuers List<string>: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
ClaimMappings Dictionary<string, string>: Mappings of claims (key) that will be copied to a metadata field (value).
ClockSkewLeeway string: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
DiscoveryCaPems List<string>: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
ExpirationLeeway string: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
JwksCaCert string: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
JwksUrl string: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
JwtValidationPubKeys List<string>: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
ListClaimMappings Dictionary<string, string>: Mappings of list claims (key) that will be copied to a metadata field (value).
NotBeforeLeeway string: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
OidcClientId string: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
OidcClientSecret string: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
OidcDisableUserinfo bool: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
OidcDiscoveryUrl string: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
OidcScopes List<string>: ([]string: <optional>) - List of OIDC scopes.
SigningAlgs List<string>: ([]string: <optional>) - A list of supported signing algorithms.

AllowedRedirectUris []string: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
BoundAudiences []string: ([]string: <optional>) - List of auth claims that are valid for login.
BoundIssuers []string: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
ClaimMappings map[string]string: Mappings of claims (key) that will be copied to a metadata field (value).
ClockSkewLeeway string: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
DiscoveryCaPems []string: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
ExpirationLeeway string: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
JwksCaCert string: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
JwksUrl string: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
JwtValidationPubKeys []string: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
ListClaimMappings map[string]string: Mappings of list claims (key) that will be copied to a metadata field (value).
NotBeforeLeeway string: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
OidcClientId string: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
OidcClientSecret string: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
OidcDisableUserinfo bool: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
OidcDiscoveryUrl string: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
OidcScopes []string: ([]string: <optional>) - List of OIDC scopes.
SigningAlgs []string: ([]string: <optional>) - A list of supported signing algorithms.

allowedRedirectUris List<String>: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences List<String>: ([]string: <optional>) - List of auth claims that are valid for login.
boundIssuers List<String>: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings Map<String,String>: Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway String: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems List<String>: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway String: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert String: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl String: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys List<String>: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings Map<String,String>: Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway String: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId String: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret String: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
oidcDisableUserinfo Boolean: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl String: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes List<String>: ([]string: <optional>) - List of OIDC scopes.
signingAlgs List<String>: ([]string: <optional>) - A list of supported signing algorithms.

allowedRedirectUris string[]: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences string[]: ([]string: <optional>) - List of auth claims that are valid for login.
boundIssuers string[]: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings {[key: string]: string}: Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway string: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems string[]: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway string: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert string: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl string: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys string[]: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings {[key: string]: string}: Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway string: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId string: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret string: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
oidcDisableUserinfo boolean: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl string: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes string[]: ([]string: <optional>) - List of OIDC scopes.
signingAlgs string[]: ([]string: <optional>) - A list of supported signing algorithms.

allowed_redirect_uris Sequence[str]: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
bound_audiences Sequence[str]: ([]string: <optional>) - List of auth claims that are valid for login.
bound_issuers Sequence[str]: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
claim_mappings Mapping[str, str]: Mappings of claims (key) that will be copied to a metadata field (value).
clock_skew_leeway str: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discovery_ca_pems Sequence[str]: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expiration_leeway str: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwks_ca_cert str: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwks_url str: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwt_validation_pub_keys Sequence[str]: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
list_claim_mappings Mapping[str, str]: Mappings of list claims (key) that will be copied to a metadata field (value).
not_before_leeway str: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidc_client_id str: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidc_client_secret str: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
oidc_disable_userinfo bool: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidc_discovery_url str: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidc_scopes Sequence[str]: ([]string: <optional>) - List of OIDC scopes.
signing_algs Sequence[str]: ([]string: <optional>) - A list of supported signing algorithms.

allowedRedirectUris List<String>: ([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences List<String>: ([]string: <optional>) - List of auth claims that are valid for login.
boundIssuers List<String>: ([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings Map<String>: Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway String: (string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems List<String>: ([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway String: (string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert String: (string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl String: (string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys List<String>: ([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings Map<String>: Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway String: (string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId String: (string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret String: (string: <optional>) - The OAuth Client Secret configured with the OIDC provider.
oidcDisableUserinfo Boolean: (bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl String: (string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes List<String>: ([]string: <optional>) - List of OIDC scopes.
signingAlgs List<String>: ([]string: <optional>) - A list of supported signing algorithms.

Package Details

Repository: HashiCorp Nomad pulumi/pulumi-nomad
License: Apache-2.0
Notes: This Pulumi package is based on the nomad Terraform Provider.

Nomad v2.3.0 published on Wednesday, Jun 5, 2024 by Pulumi

pulumi/pulumi-nomad

nomad.AclAuthMethod

On this page

On this page

Example Usage

Create AclAuthMethod Resource

Constructor syntax

Parameters

Constructor example

AclAuthMethod Resource Properties

Inputs

Outputs

Look up Existing AclAuthMethod Resource

Supporting Types

AclAuthMethodConfig, AclAuthMethodConfigArgs

Package Details

On this page

On this page