onelogin

v0.3.0 published on Wednesday, Jun 1, 2022 by Pulumi

AppRule

Manage App Rule resources.

This resource allows you to create and configure App Rules.

Important Note Regarding Position

The position field indicates the order in which rules are applied. They behave like progressive filters and as such, their positioning is strictly enforced. Your options for this field are to either:

  • Accept any ordering - Do not fill out any position field and each rule will be inserted in the order received by the API.

  • Strict Ordering - Enter a position number for each app rule. You’ll need to ensure there are no duplicates and no gaps in numbering.

  • Dependency based ordering - Use the depends_on field to specify an app rule’s predecessor to ensure rules are received by the API in the order in which they should be applied. e.g. depends_on = [onelogin_app_rules.test]

Example Usage

Strict Ordering

using Pulumi;
using Onelogin = Pulumi.Onelogin;

class MyStack : Stack
{
    public MyStack()
    {
        var check = new Onelogin.AppRule("check", new Onelogin.AppRuleArgs
        {
            AppId = onelogin_saml_apps.My_saml_app.Id,
            Position = 1,
            Enabled = true,
            Match = "all",
            Conditions = 
            {
                { "operator", "ri" },
                { "source", "has_role" },
                { "value", "340475" },
            },
            Actions = 
            {
                { "action", "set_amazonusername" },
                { "expression", ".*" },
                { "values", 
                {
                    "member_of",
                } },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-onelogin/sdk/go/onelogin"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := onelogin.NewAppRule(ctx, "check", &onelogin.AppRuleArgs{
			AppId:    pulumi.Any(onelogin_saml_apps.My_saml_app.Id),
			Position: pulumi.Int(1),
			Enabled:  pulumi.Bool(true),
			Match:    pulumi.String("all"),
			Conditions: AppRuleConditionArray{
				Operator: "ri",
				Source:   "has_role",
				Value:    "340475",
			},
			Actions: AppRuleActionArray{
				Action:     "set_amazonusername",
				Expression: ".*",
				Values: AppRuleActionArgs{
					"member_of",
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_onelogin as onelogin

check = onelogin.AppRule("check",
    app_id=onelogin_saml_apps["my_saml_app"]["id"],
    position=1,
    enabled=True,
    match="all",
    conditions={
        "operator": "ri",
        "source": "has_role",
        "value": "340475",
    },
    actions={
        "action": "set_amazonusername",
        "expression": ".*",
        "values": ["member_of"],
    })
import * as pulumi from "@pulumi/pulumi";
import * as onelogin from "@pulumi/onelogin";

const check = new onelogin.AppRule("check", {
    appId: onelogin_saml_apps.my_saml_app.id,
    position: 1,
    enabled: true,
    match: "all",
    conditions: {
        operator: "ri",
        source: "has_role",
        value: "340475",
    },
    actions: {
        action: "set_amazonusername",
        expression: ".*",
        values: ["member_of"],
    },
});

Coming soon!

Dependency Based Ordering

using Pulumi;
using Onelogin = Pulumi.Onelogin;

class MyStack : Stack
{
    public MyStack()
    {
        var test = new Onelogin.AppRule("test", new Onelogin.AppRuleArgs
        {
            AppId = onelogin_saml_apps.My_saml_app.Id,
            Enabled = true,
            Match = "all",
            Conditions = 
            {
                { "operator", "ri" },
                { "source", "has_role" },
                { "value", "340475" },
            },
            Actions = 
            {
                { "action", "set_amazonusername" },
                { "expression", ".*" },
                { "values", 
                {
                    "member_of",
                } },
            },
        });
        var check = new Onelogin.AppRule("check", new Onelogin.AppRuleArgs
        {
            AppId = onelogin_saml_apps.My_saml_app.Id,
            Enabled = true,
            Match = "all",
            Conditions = 
            {
                { "operator", "ri" },
                { "source", "has_role" },
                { "value", "340475" },
            },
            Actions = 
            {
                { "action", "set_amazonusername" },
                { "expression", ".*" },
                { "values", 
                {
                    "member_of",
                } },
            },
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                test,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-onelogin/sdk/go/onelogin"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := onelogin.NewAppRule(ctx, "test", &onelogin.AppRuleArgs{
			AppId:   pulumi.Any(onelogin_saml_apps.My_saml_app.Id),
			Enabled: pulumi.Bool(true),
			Match:   pulumi.String("all"),
			Conditions: AppRuleConditionArray{
				Operator: "ri",
				Source:   "has_role",
				Value:    "340475",
			},
			Actions: AppRuleActionArray{
				Action:     "set_amazonusername",
				Expression: ".*",
				Values: AppRuleActionArgs{
					"member_of",
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = onelogin.NewAppRule(ctx, "check", &onelogin.AppRuleArgs{
			AppId:   pulumi.Any(onelogin_saml_apps.My_saml_app.Id),
			Enabled: pulumi.Bool(true),
			Match:   pulumi.String("all"),
			Conditions: AppRuleConditionArray{
				Operator: "ri",
				Source:   "has_role",
				Value:    "340475",
			},
			Actions: AppRuleActionArray{
				Action:     "set_amazonusername",
				Expression: ".*",
				Values: AppRuleActionArgs{
					"member_of",
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			test,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_onelogin as onelogin

test = onelogin.AppRule("test",
    app_id=onelogin_saml_apps["my_saml_app"]["id"],
    enabled=True,
    match="all",
    conditions={
        "operator": "ri",
        "source": "has_role",
        "value": "340475",
    },
    actions={
        "action": "set_amazonusername",
        "expression": ".*",
        "values": ["member_of"],
    })
check = onelogin.AppRule("check",
    app_id=onelogin_saml_apps["my_saml_app"]["id"],
    enabled=True,
    match="all",
    conditions={
        "operator": "ri",
        "source": "has_role",
        "value": "340475",
    },
    actions={
        "action": "set_amazonusername",
        "expression": ".*",
        "values": ["member_of"],
    },
    opts=pulumi.ResourceOptions(depends_on=[test]))
import * as pulumi from "@pulumi/pulumi";
import * as onelogin from "@pulumi/onelogin";

const test = new onelogin.AppRule("test", {
    appId: onelogin_saml_apps.my_saml_app.id,
    enabled: true,
    match: "all",
    conditions: {
        operator: "ri",
        source: "has_role",
        value: "340475",
    },
    actions: {
        action: "set_amazonusername",
        expression: ".*",
        values: ["member_of"],
    },
});
const check = new onelogin.AppRule("check", {
    appId: onelogin_saml_apps.my_saml_app.id,
    enabled: true,
    match: "all",
    conditions: {
        operator: "ri",
        source: "has_role",
        value: "340475",
    },
    actions: {
        action: "set_amazonusername",
        expression: ".*",
        values: ["member_of"],
    },
}, {
    dependsOn: [test],
});

Coming soon!

Create a AppRule Resource

new AppRule(name: string, args: AppRuleArgs, opts?: CustomResourceOptions);
@overload
def AppRule(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            actions: Optional[Sequence[AppRuleActionArgs]] = None,
            app_id: Optional[str] = None,
            conditions: Optional[Sequence[AppRuleConditionArgs]] = None,
            enabled: Optional[bool] = None,
            match: Optional[str] = None,
            name: Optional[str] = None,
            position: Optional[int] = None)
@overload
def AppRule(resource_name: str,
            args: AppRuleArgs,
            opts: Optional[ResourceOptions] = None)
func NewAppRule(ctx *Context, name string, args AppRuleArgs, opts ...ResourceOption) (*AppRule, error)
public AppRule(string name, AppRuleArgs args, CustomResourceOptions? opts = null)
public AppRule(String name, AppRuleArgs args)
public AppRule(String name, AppRuleArgs args, CustomResourceOptions options)
type: onelogin:AppRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AppRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AppRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AppRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AppRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AppRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AppRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AppRule resource accepts the following input properties:

AppId string

The id of the App resource to which the rule should belong.

Match string

Indicates how conditions should be matched. Must be one of all or any.

Actions List<AppRuleActionArgs>

An array of actions that will be applied to the users that are matched by the conditions.

Conditions List<AppRuleConditionArgs>

An array of conditions that the user must meet in order for the rule to be applied.

Enabled bool

Indicate if the rule should go into effect.

Name string

The Rule's name

Position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

AppId string

The id of the App resource to which the rule should belong.

Match string

Indicates how conditions should be matched. Must be one of all or any.

Actions []AppRuleActionArgs

An array of actions that will be applied to the users that are matched by the conditions.

Conditions []AppRuleConditionArgs

An array of conditions that the user must meet in order for the rule to be applied.

Enabled bool

Indicate if the rule should go into effect.

Name string

The Rule's name

Position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

appId String

The id of the App resource to which the rule should belong.

match String

Indicates how conditions should be matched. Must be one of all or any.

actions List<AppRuleActionArgs>

An array of actions that will be applied to the users that are matched by the conditions.

conditions List<AppRuleConditionArgs>

An array of conditions that the user must meet in order for the rule to be applied.

enabled Boolean

Indicate if the rule should go into effect.

name String

The Rule's name

position Integer

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

appId string

The id of the App resource to which the rule should belong.

match string

Indicates how conditions should be matched. Must be one of all or any.

actions AppRuleActionArgs[]

An array of actions that will be applied to the users that are matched by the conditions.

conditions AppRuleConditionArgs[]

An array of conditions that the user must meet in order for the rule to be applied.

enabled boolean

Indicate if the rule should go into effect.

name string

The Rule's name

position number

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

app_id str

The id of the App resource to which the rule should belong.

match str

Indicates how conditions should be matched. Must be one of all or any.

actions Sequence[AppRuleActionArgs]

An array of actions that will be applied to the users that are matched by the conditions.

conditions Sequence[AppRuleConditionArgs]

An array of conditions that the user must meet in order for the rule to be applied.

enabled bool

Indicate if the rule should go into effect.

name str

The Rule's name

position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

appId String

The id of the App resource to which the rule should belong.

match String

Indicates how conditions should be matched. Must be one of all or any.

actions List<Property Map>

An array of actions that will be applied to the users that are matched by the conditions.

conditions List<Property Map>

An array of conditions that the user must meet in order for the rule to be applied.

enabled Boolean

Indicate if the rule should go into effect.

name String

The Rule's name

position Number

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

Outputs

All input properties are implicitly available as output properties. Additionally, the AppRule resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing AppRule Resource

Get an existing AppRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AppRuleState, opts?: CustomResourceOptions): AppRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        actions: Optional[Sequence[AppRuleActionArgs]] = None,
        app_id: Optional[str] = None,
        conditions: Optional[Sequence[AppRuleConditionArgs]] = None,
        enabled: Optional[bool] = None,
        match: Optional[str] = None,
        name: Optional[str] = None,
        position: Optional[int] = None) -> AppRule
func GetAppRule(ctx *Context, name string, id IDInput, state *AppRuleState, opts ...ResourceOption) (*AppRule, error)
public static AppRule Get(string name, Input<string> id, AppRuleState? state, CustomResourceOptions? opts = null)
public static AppRule get(String name, Output<String> id, AppRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Actions List<AppRuleActionArgs>

An array of actions that will be applied to the users that are matched by the conditions.

AppId string

The id of the App resource to which the rule should belong.

Conditions List<AppRuleConditionArgs>

An array of conditions that the user must meet in order for the rule to be applied.

Enabled bool

Indicate if the rule should go into effect.

Match string

Indicates how conditions should be matched. Must be one of all or any.

Name string

The Rule's name

Position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

Actions []AppRuleActionArgs

An array of actions that will be applied to the users that are matched by the conditions.

AppId string

The id of the App resource to which the rule should belong.

Conditions []AppRuleConditionArgs

An array of conditions that the user must meet in order for the rule to be applied.

Enabled bool

Indicate if the rule should go into effect.

Match string

Indicates how conditions should be matched. Must be one of all or any.

Name string

The Rule's name

Position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

actions List<AppRuleActionArgs>

An array of actions that will be applied to the users that are matched by the conditions.

appId String

The id of the App resource to which the rule should belong.

conditions List<AppRuleConditionArgs>

An array of conditions that the user must meet in order for the rule to be applied.

enabled Boolean

Indicate if the rule should go into effect.

match String

Indicates how conditions should be matched. Must be one of all or any.

name String

The Rule's name

position Integer

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

actions AppRuleActionArgs[]

An array of actions that will be applied to the users that are matched by the conditions.

appId string

The id of the App resource to which the rule should belong.

conditions AppRuleConditionArgs[]

An array of conditions that the user must meet in order for the rule to be applied.

enabled boolean

Indicate if the rule should go into effect.

match string

Indicates how conditions should be matched. Must be one of all or any.

name string

The Rule's name

position number

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

actions Sequence[AppRuleActionArgs]

An array of actions that will be applied to the users that are matched by the conditions.

app_id str

The id of the App resource to which the rule should belong.

conditions Sequence[AppRuleConditionArgs]

An array of conditions that the user must meet in order for the rule to be applied.

enabled bool

Indicate if the rule should go into effect.

match str

Indicates how conditions should be matched. Must be one of all or any.

name str

The Rule's name

position int

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

actions List<Property Map>

An array of actions that will be applied to the users that are matched by the conditions.

appId String

The id of the App resource to which the rule should belong.

conditions List<Property Map>

An array of conditions that the user must meet in order for the rule to be applied.

enabled Boolean

Indicate if the rule should go into effect.

match String

Indicates how conditions should be matched. Must be one of all or any.

name String

The Rule's name

position Number

Indicates the ordering of the rule. When not supplied the rule will be put at the end of the list on create and managed by the provider. '0' can be supplied to consistently push this rule to the end of the list on every update.

Supporting Types

AppRuleAction

Action string

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

Values List<string>

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

Expression string

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

Action string

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

Values []string

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

Expression string

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

action String

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

values List<String>

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

expression String

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

action string

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

values string[]

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

expression string

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

action str

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

values Sequence[str]

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

expression str

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

action String

The action to apply. See List Actions for possible values. Note: The action set_role_from_existing may also be used, however doing so will always clear the expression field as it is not accepted when mapping a rule from existing roles.

values List<String>

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

expression String

A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.

AppRuleCondition

Operator string

A valid operator for the selected condition source. See List Condition Operators for possible values.

Source string

The source field to check. See List Conditions for possible values.

Value string

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

Operator string

A valid operator for the selected condition source. See List Condition Operators for possible values.

Source string

The source field to check. See List Conditions for possible values.

Value string

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

operator String

A valid operator for the selected condition source. See List Condition Operators for possible values.

source String

The source field to check. See List Conditions for possible values.

value String

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

operator string

A valid operator for the selected condition source. See List Condition Operators for possible values.

source string

The source field to check. See List Conditions for possible values.

value string

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

operator str

A valid operator for the selected condition source. See List Condition Operators for possible values.

source str

The source field to check. See List Conditions for possible values.

value str

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

operator String

A valid operator for the selected condition source. See List Condition Operators for possible values.

source String

The source field to check. See List Conditions for possible values.

value String

An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.

Import

An App Rule cannot be imported at this time.

Package Details

Repository
https://github.com/pulumi/pulumi-onelogin
License
Apache-2.0
Notes

This Pulumi package is based on the onelogin Terraform Provider.