opentelekomcloud.IdentityProvider
An up-to-date reference of the API arguments for the IAM provider is available at the documentation portal.
You must have security admin privileges in your OpenTelekomCloud cloud to use this resource. Please refer to User Management Model.
Example Usage
Create a SAML protocol provider
import * as pulumi from "@pulumi/pulumi";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
// Federation mapping rules, serialized to JSON for the `mappingRules` input.
// NOTE(review): the `remote` entry names the `uid` attribute without any value
// condition and `local` assigns a fixed user name, so as written every
// assertion carrying `uid` appears to map to "samltestid". Confirm against the
// mapping-rule reference and narrow the match before using this outside a
// test tenant.
const samlMappingRules = [
    {
        local: [{ user: { name: "samltestid" } }],
        remote: [{ type: "uid" }],
    },
];

// Registers a SAML identity provider that uses the rules above.
const provider1 = new opentelekomcloud.IdentityProvider("provider1", {
    protocol: "saml",
    mappingRules: JSON.stringify(samlMappingRules),
});
import pulumi
import json
import pulumi_opentelekomcloud as opentelekomcloud
# Federation mapping rules, serialized to JSON for the `mapping_rules` input.
# NOTE(review): the "remote" entry names the `uid` attribute without any value
# condition and "local" assigns a fixed user name, so as written every
# assertion carrying `uid` appears to map to "samltestid". Confirm against the
# mapping-rule reference and narrow the match before using this outside a
# test tenant.
saml_mapping_rules = [
    {
        "local": [{"user": {"name": "samltestid"}}],
        "remote": [{"type": "uid"}],
    },
]

# Registers a SAML identity provider that uses the rules above.
provider1 = opentelekomcloud.IdentityProvider(
    "provider1",
    protocol="saml",
    mapping_rules=json.dumps(saml_mapping_rules),
)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a SAML identity provider whose mapping rules are passed to
// the resource as a JSON string.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the "remote" entry names the `uid` attribute without
		// any value condition and "local" assigns a fixed user name, so as
		// written every assertion carrying `uid` appears to map to
		// "samltestid". Confirm against the mapping-rule reference and narrow
		// the match before using this outside a test tenant.
		rules := []map[string]interface{}{
			{
				"local": []map[string]interface{}{
					{"user": map[string]interface{}{"name": "samltestid"}},
				},
				"remote": []map[string]interface{}{
					{"type": "uid"},
				},
			},
		}

		encoded, err := json.Marshal(rules)
		if err != nil {
			return err
		}

		args := &opentelekomcloud.IdentityProviderArgs{
			Protocol:     pulumi.String("saml"),
			MappingRules: pulumi.String(string(encoded)),
		}
		if _, err := opentelekomcloud.NewIdentityProvider(ctx, "provider1", args); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
    // Federation mapping rules, serialized to JSON for MappingRules.
    // NOTE(review): the "remote" entry names the `uid` attribute without any
    // value condition and "local" assigns a fixed user name, so as written
    // every assertion carrying `uid` appears to map to "samltestid". Confirm
    // against the mapping-rule reference and narrow the match before using
    // this outside a test tenant.
    var mappingRules = new[]
    {
        new Dictionary<string, object?>
        {
            ["local"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["user"] = new Dictionary<string, object?> { ["name"] = "samltestid" },
                },
            },
            ["remote"] = new[]
            {
                new Dictionary<string, object?> { ["type"] = "uid" },
            },
        },
    };

    // Registers a SAML identity provider that uses the rules above.
    var provider1 = new Opentelekomcloud.IdentityProvider("provider1", new()
    {
        Protocol = "saml",
        MappingRules = JsonSerializer.Serialize(mappingRules),
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProvider;
import com.pulumi.opentelekomcloud.IdentityProviderArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that registers a SAML identity provider. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack's single resource, "provider1". */
    public static void stack(Context ctx) {
        // Federation mapping rules, serialized to JSON for mappingRules.
        // NOTE(review): the "remote" entry names the `uid` attribute without
        // any value condition and "local" assigns a fixed user name, so as
        // written every assertion carrying `uid` appears to map to
        // "samltestid". Confirm against the mapping-rule reference and narrow
        // the match before using this outside a test tenant.
        final var mappingRules = serializeJson(
            jsonArray(jsonObject(
                jsonProperty("local", jsonArray(jsonObject(
                    jsonProperty("user", jsonObject(
                        jsonProperty("name", "samltestid")
                    ))
                ))),
                jsonProperty("remote", jsonArray(jsonObject(
                    jsonProperty("type", "uid")
                )))
            )));

        final var providerArgs = IdentityProviderArgs.builder()
            .protocol("saml")
            .mappingRules(mappingRules)
            .build();

        var provider1 = new IdentityProvider("provider1", providerArgs);
    }
}
# Registers a SAML identity provider; mappingRules is rendered to a JSON string.
resources:
  provider1:
    type: opentelekomcloud:IdentityProvider
    properties:
      protocol: saml
      # NOTE(review): the remote entry names the `uid` attribute without any
      # value condition and the local entry assigns a fixed user name, so as
      # written every assertion carrying `uid` appears to map to "samltestid".
      # Confirm against the mapping-rule reference and narrow the match before
      # using this outside a test tenant.
      mappingRules:
        fn::toJSON:
          - local:
              - user:
                  name: samltestid
            remote:
              - type: uid
Create an OpenID Connect protocol provider
import * as pulumi from "@pulumi/pulumi";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
// JWKS passed as `signingKey`. It carries public key material only (kty/n/e);
// presumably IAM uses it to verify ID-token signatures — confirm against the
// IAM reference. `kid` and `n` are "..." placeholders and `clientId` is a
// placeholder too: replace them with the values published by the IdP.
const idpSigningKeys = {
    keys: [
        {
            alg: "RS256",
            e: "AQAB",
            kid: "...",
            kty: "RSA",
            n: "...",
            use: "sig",
        },
    ],
};

// Registers an OpenID Connect identity provider.
const provider2 = new opentelekomcloud.IdentityProvider("provider2", {
    protocol: "oidc",
    accessConfig: {
        accessType: "program_console",
        providerUrl: "https://accounts.example.com",
        clientId: "your_client_id",
        authorizationEndpoint: "https://accounts.example.com/o/oauth2/v2/auth",
        scopes: ["openid"],
        signingKey: JSON.stringify(idpSigningKeys),
    },
});
import pulumi
import json
import pulumi_opentelekomcloud as opentelekomcloud
# JWKS passed as `signing_key`. It carries public key material only (kty/n/e);
# presumably IAM uses it to verify ID-token signatures — confirm against the
# IAM reference. "kid" and "n" are "..." placeholders and "client_id" is a
# placeholder too: replace them with the values published by the IdP.
idp_signing_keys = {
    "keys": [
        {
            "alg": "RS256",
            "e": "AQAB",
            "kid": "...",
            "kty": "RSA",
            "n": "...",
            "use": "sig",
        },
    ],
}

# Registers an OpenID Connect identity provider.
provider2 = opentelekomcloud.IdentityProvider(
    "provider2",
    protocol="oidc",
    access_config={
        "access_type": "program_console",
        "provider_url": "https://accounts.example.com",
        "client_id": "your_client_id",
        "authorization_endpoint": "https://accounts.example.com/o/oauth2/v2/auth",
        "scopes": ["openid"],
        "signing_key": json.dumps(idp_signing_keys),
    },
)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an OpenID Connect identity provider; the IdP's JWKS is
// passed to the resource as a JSON string.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The JWKS carries public key material only (kty/n/e); presumably IAM
		// uses it to verify ID-token signatures — confirm against the IAM
		// reference. "kid" and "n" are "..." placeholders: replace them with
		// the values published by the IdP.
		jwks := map[string]interface{}{
			"keys": []map[string]interface{}{
				{
					"alg": "RS256",
					"e":   "AQAB",
					"kid": "...",
					"kty": "RSA",
					"n":   "...",
					"use": "sig",
				},
			},
		}

		encoded, err := json.Marshal(jwks)
		if err != nil {
			return err
		}

		// "your_client_id" is a placeholder for the client ID issued by the IdP.
		accessConfig := &opentelekomcloud.IdentityProviderAccessConfigArgs{
			AccessType:            pulumi.String("program_console"),
			ProviderUrl:           pulumi.String("https://accounts.example.com"),
			ClientId:              pulumi.String("your_client_id"),
			AuthorizationEndpoint: pulumi.String("https://accounts.example.com/o/oauth2/v2/auth"),
			Scopes:                pulumi.StringArray{pulumi.String("openid")},
			SigningKey:            pulumi.String(string(encoded)),
		}

		args := &opentelekomcloud.IdentityProviderArgs{
			Protocol:     pulumi.String("oidc"),
			AccessConfig: accessConfig,
		}
		if _, err := opentelekomcloud.NewIdentityProvider(ctx, "provider2", args); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
    // JWKS passed as SigningKey. It carries public key material only
    // (kty/n/e); presumably IAM uses it to verify ID-token signatures —
    // confirm against the IAM reference. "kid" and "n" are "..." placeholders:
    // replace them with the values published by the IdP.
    var idpSigningKeys = new Dictionary<string, object?>
    {
        ["keys"] = new[]
        {
            new Dictionary<string, object?>
            {
                ["alg"] = "RS256",
                ["e"] = "AQAB",
                ["kid"] = "...",
                ["kty"] = "RSA",
                ["n"] = "...",
                ["use"] = "sig",
            },
        },
    };

    // "your_client_id" is a placeholder for the client ID issued by the IdP.
    var accessConfig = new Opentelekomcloud.Inputs.IdentityProviderAccessConfigArgs
    {
        AccessType = "program_console",
        ProviderUrl = "https://accounts.example.com",
        ClientId = "your_client_id",
        AuthorizationEndpoint = "https://accounts.example.com/o/oauth2/v2/auth",
        Scopes = new[] { "openid" },
        SigningKey = JsonSerializer.Serialize(idpSigningKeys),
    };

    // Registers an OpenID Connect identity provider.
    var provider2 = new Opentelekomcloud.IdentityProvider("provider2", new()
    {
        Protocol = "oidc",
        AccessConfig = accessConfig,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProvider;
import com.pulumi.opentelekomcloud.IdentityProviderArgs;
import com.pulumi.opentelekomcloud.inputs.IdentityProviderAccessConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that registers an OpenID Connect identity provider. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack's single resource, "provider2". */
    public static void stack(Context ctx) {
        // JWKS passed as signingKey. It carries public key material only
        // (kty/n/e); presumably IAM uses it to verify ID-token signatures —
        // confirm against the IAM reference. "kid" and "n" are "..."
        // placeholders: replace them with the values published by the IdP.
        final var signingKey = serializeJson(
            jsonObject(
                jsonProperty("keys", jsonArray(jsonObject(
                    jsonProperty("alg", "RS256"),
                    jsonProperty("e", "AQAB"),
                    jsonProperty("kid", "..."),
                    jsonProperty("kty", "RSA"),
                    jsonProperty("n", "..."),
                    jsonProperty("use", "sig")
                )))
            ));

        // "your_client_id" is a placeholder for the client ID issued by the IdP.
        final var accessConfig = IdentityProviderAccessConfigArgs.builder()
            .accessType("program_console")
            .providerUrl("https://accounts.example.com")
            .clientId("your_client_id")
            .authorizationEndpoint("https://accounts.example.com/o/oauth2/v2/auth")
            .scopes("openid")
            .signingKey(signingKey)
            .build();

        var provider2 = new IdentityProvider("provider2", IdentityProviderArgs.builder()
            .protocol("oidc")
            .accessConfig(accessConfig)
            .build());
    }
}
# Registers an OpenID Connect identity provider; signingKey is rendered to a
# JSON string.
resources:
  provider2:
    type: opentelekomcloud:IdentityProvider
    properties:
      protocol: oidc
      accessConfig:
        accessType: program_console
        providerUrl: https://accounts.example.com
        # Placeholder for the client ID issued by the IdP.
        clientId: your_client_id
        authorizationEndpoint: https://accounts.example.com/o/oauth2/v2/auth
        scopes:
          - openid
        # JWKS with public key material only (kty/n/e); presumably used by IAM
        # to verify ID-token signatures — confirm against the IAM reference.
        # kid and n are '...' placeholders: replace them with the values
        # published by the IdP.
        signingKey:
          fn::toJSON:
            keys:
              - alg: RS256
                e: AQAB
                kid: '...'
                kty: RSA
                n: '...'
                use: sig
Create IdentityProvider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: CustomResourceOptions);
@overload
def IdentityProvider(resource_name: str,
args: IdentityProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IdentityProvider(resource_name: str,
opts: Optional[ResourceOptions] = None,
protocol: Optional[str] = None,
access_config: Optional[IdentityProviderAccessConfigArgs] = None,
description: Optional[str] = None,
identity_provider_id: Optional[str] = None,
mapping_rules: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
status: Optional[bool] = None)
func NewIdentityProvider(ctx *Context, name string, args IdentityProviderArgs, opts ...ResourceOption) (*IdentityProvider, error)
public IdentityProvider(string name, IdentityProviderArgs args, CustomResourceOptions? opts = null)
public IdentityProvider(String name, IdentityProviderArgs args)
public IdentityProvider(String name, IdentityProviderArgs args, CustomResourceOptions options)
type: opentelekomcloud:IdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IdentityProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IdentityProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IdentityProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: every input is shown with a placeholder value.
// Per the property reference on this page, AccessConfig is required only when
// Protocol is "oidc" and Metadata only when Protocol is "saml".
var accessConfig = new Opentelekomcloud.Inputs.IdentityProviderAccessConfigArgs
{
    AccessType = "string",
    ClientId = "string",
    ProviderUrl = "string",
    SigningKey = "string",
    AuthorizationEndpoint = "string",
    ResponseMode = "string",
    ResponseType = "string",
    Scopes = new[] { "string" },
};

var identityProviderResource = new Opentelekomcloud.IdentityProvider("identityProviderResource", new()
{
    Protocol = "string",
    AccessConfig = accessConfig,
    Description = "string",
    IdentityProviderId = "string",
    MappingRules = "string",
    Metadata = "string",
    Name = "string",
    Status = false,
});
// Reference skeleton: every input is shown with a placeholder value.
// Per the property reference on this page, AccessConfig is required only when
// Protocol is "oidc" and Metadata only when Protocol is "saml".
args := &opentelekomcloud.IdentityProviderArgs{
	Protocol: pulumi.String("string"),
	AccessConfig: &opentelekomcloud.IdentityProviderAccessConfigArgs{
		AccessType:            pulumi.String("string"),
		ClientId:              pulumi.String("string"),
		ProviderUrl:           pulumi.String("string"),
		SigningKey:            pulumi.String("string"),
		AuthorizationEndpoint: pulumi.String("string"),
		ResponseMode:          pulumi.String("string"),
		ResponseType:          pulumi.String("string"),
		Scopes:                pulumi.StringArray{pulumi.String("string")},
	},
	Description:        pulumi.String("string"),
	IdentityProviderId: pulumi.String("string"),
	MappingRules:       pulumi.String("string"),
	Metadata:           pulumi.String("string"),
	Name:               pulumi.String("string"),
	Status:             pulumi.Bool(false),
}
example, err := opentelekomcloud.NewIdentityProvider(ctx, "identityProviderResource", args)
// Reference skeleton: every input is shown with a placeholder value.
// Per the property reference on this page, accessConfig is required only when
// protocol is "oidc" and metadata only when protocol is "saml".
var accessConfig = IdentityProviderAccessConfigArgs.builder()
    .accessType("string")
    .clientId("string")
    .providerUrl("string")
    .signingKey("string")
    .authorizationEndpoint("string")
    .responseMode("string")
    .responseType("string")
    .scopes("string")
    .build();

var identityProviderResource = new IdentityProvider("identityProviderResource", IdentityProviderArgs.builder()
    .protocol("string")
    .accessConfig(accessConfig)
    .description("string")
    .identityProviderId("string")
    .mappingRules("string")
    .metadata("string")
    .name("string")
    .status(false)
    .build());
# Reference skeleton: every input is shown with a placeholder value.
# Per the property reference on this page, access_config is required only when
# protocol is "oidc" and metadata only when protocol is "saml".
access_config = {
    "access_type": "string",
    "client_id": "string",
    "provider_url": "string",
    "signing_key": "string",
    "authorization_endpoint": "string",
    "response_mode": "string",
    "response_type": "string",
    "scopes": ["string"],
}

identity_provider_resource = opentelekomcloud.IdentityProvider(
    "identityProviderResource",
    protocol="string",
    access_config=access_config,
    description="string",
    identity_provider_id="string",
    mapping_rules="string",
    metadata="string",
    name="string",
    status=False,
)
// Reference skeleton: every input is shown with a placeholder value.
// Per the property reference on this page, accessConfig is required only when
// protocol is "oidc" and metadata only when protocol is "saml".
const accessConfig = {
    accessType: "string",
    clientId: "string",
    providerUrl: "string",
    signingKey: "string",
    authorizationEndpoint: "string",
    responseMode: "string",
    responseType: "string",
    scopes: ["string"],
};

const identityProviderResource = new opentelekomcloud.IdentityProvider("identityProviderResource", {
    protocol: "string",
    accessConfig,
    description: "string",
    identityProviderId: "string",
    mappingRules: "string",
    metadata: "string",
    name: "string",
    status: false,
});
# Reference skeleton: every input is shown with a placeholder value.
type: opentelekomcloud:IdentityProvider
properties:
  # Required only when protocol is oidc (per the property reference on this page).
  accessConfig:
    accessType: string
    authorizationEndpoint: string
    clientId: string
    providerUrl: string
    responseMode: string
    responseType: string
    scopes:
      - string
    signingKey: string
  description: string
  identityProviderId: string
  mappingRules: string
  # Required only when protocol is saml (per the property reference on this page).
  metadata: string
  name: string
  protocol: string
  status: false
IdentityProvider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdentityProvider resource accepts the following input properties:
- Protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- AccessConfig IdentityProviderAccessConfig
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- Description string
- Specifies the description of the identity provider.
- IdentityProviderId string
- A resource ID in UUID format.
- MappingRules string
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- Metadata string
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. Because IAM trusts assertions signed with the certificate in this file, obtain the file from the IdP over an authenticated channel. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- Name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- Status bool
- Enabled status for the identity provider. Default: `true`.
- Protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- AccessConfig IdentityProviderAccessConfigArgs
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- Description string
- Specifies the description of the identity provider.
- IdentityProviderId string
- A resource ID in UUID format.
- MappingRules string
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- Metadata string
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- Name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- Status bool
- Enabled status for the identity provider. Default: `true`.
- protocol String
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- accessConfig IdentityProviderAccessConfig
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- description String
- Specifies the description of the identity provider.
- identityProviderId String
- A resource ID in UUID format.
- mappingRules String
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- metadata String
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- name String
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- status Boolean
- Enabled status for the identity provider. Default: `true`.
- protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- accessConfig IdentityProviderAccessConfig
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- description string
- Specifies the description of the identity provider.
- identityProviderId string
- A resource ID in UUID format.
- mappingRules string
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- metadata string
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- status boolean
- Enabled status for the identity provider. Default: `true`.
- protocol str
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- access_config IdentityProviderAccessConfigArgs
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- description str
- Specifies the description of the identity provider.
- identity_provider_id str
- A resource ID in UUID format.
- mapping_rules str
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- metadata str
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- name str
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- status bool
- Enabled status for the identity provider. Default: `true`.
- protocol String
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- accessConfig Property Map
- Specifies the access configuration of the identity provider. This field is required only if the protocol is set to oidc.
- description String
- Specifies the description of the identity provider.
- identityProviderId String
- A resource ID in UUID format.
- mappingRules String
- Rules used to map federated users to local users. Details on `mapping_rules` are available at this link, under the `rules` section.
- metadata String
- Specifies the metadata of the IdP (identity provider) server. This field is used to import a metadata file into IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and the value is stored in the state as a SHA1 hash.
  NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the `file` function, for example: `metadata = file("/usr/local/data/files/metadata.txt")`
- name String
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique; it is recommended to include domain name information. Changing this creates a new resource.
- status Boolean
- Enabled status for the identity provider. Default: `true`.
Outputs
All input properties are implicitly available as output properties. Additionally, the IdentityProvider resource produces the following output properties:
- ConversionRules List<IdentityProviderConversionRule>
- The identity conversion rules of the identity provider. The structure is documented below.
- Id string
- The provider-assigned unique ID for this managed resource.
- Links Dictionary<string, string>
- Resource links of an identity mapping.
- LoginLink string
- The login link of the identity provider.
- ConversionRules []IdentityProviderConversionRule
- The identity conversion rules of the identity provider. The structure is documented below.
- Id string
- The provider-assigned unique ID for this managed resource.
- Links map[string]string
- Resource links of an identity mapping.
- LoginLink string
- The login link of the identity provider.
- conversionRules List<IdentityProviderConversionRule>
- The identity conversion rules of the identity provider. The structure is documented below.
- id String
- The provider-assigned unique ID for this managed resource.
- links Map<String,String>
- Resource links of an identity mapping.
- loginLink String
- The login link of the identity provider.
- conversionRules IdentityProviderConversionRule[]
- The identity conversion rules of the identity provider. The structure is documented below.
- id string
- The provider-assigned unique ID for this managed resource.
- links {[key: string]: string}
- Resource links of an identity mapping.
- loginLink string
- The login link of the identity provider.
- conversion_rules Sequence[IdentityProviderConversionRule]
- The identity conversion rules of the identity provider. The structure is documented below.
- id str
- The provider-assigned unique ID for this managed resource.
- links Mapping[str, str]
- Resource links of an identity mapping.
- login_link str
- The login link of the identity provider.
- conversionRules List<Property Map>
- The identity conversion rules of the identity provider. The structure is documented below.
- id String
- The provider-assigned unique ID for this managed resource.
- links Map<String>
- Resource links of an identity mapping.
- loginLink String
- The login link of the identity provider.
Look up Existing IdentityProvider Resource
Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IdentityProviderState, opts?: CustomResourceOptions): IdentityProvider
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_config: Optional[IdentityProviderAccessConfigArgs] = None,
conversion_rules: Optional[Sequence[IdentityProviderConversionRuleArgs]] = None,
description: Optional[str] = None,
identity_provider_id: Optional[str] = None,
links: Optional[Mapping[str, str]] = None,
login_link: Optional[str] = None,
mapping_rules: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
protocol: Optional[str] = None,
status: Optional[bool] = None) -> IdentityProvider
func GetIdentityProvider(ctx *Context, name string, id IDInput, state *IdentityProviderState, opts ...ResourceOption) (*IdentityProvider, error)
public static IdentityProvider Get(string name, Input<string> id, IdentityProviderState? state, CustomResourceOptions? opts = null)
public static IdentityProvider get(String name, Output<String> id, IdentityProviderState state, CustomResourceOptions options)
resources: _: type: opentelekomcloud:IdentityProvider get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Config IdentityProvider Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Conversion
Rules List<IdentityProvider Conversion Rule> - The identity conversion rules of the identity provider. The structure is documented below.
- Description string
- Specifies the description of the identity provider.
- Identity
Provider stringId - A resource ID in UUID format.
- Links Dictionary<string, string>
- Resource links of an identity mapping.
- Login
Link string - The login link of the identity provider.
- MappingRules string
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- Metadata string
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- Name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- Protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- Status bool
- Enabled status for the identity provider. Default:
true
.
- Access
Config IdentityProvider Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Conversion
Rules []IdentityProvider Conversion Rule Args - The identity conversion rules of the identity provider. The structure is documented below.
- Description string
- Specifies the description of the identity provider.
- Identity
Provider stringId - A resource ID in UUID format.
- Links map[string]string
- Resource links of an identity mapping.
- Login
Link string - The login link of the identity provider.
- MappingRules string
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- Metadata string
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- Name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- Protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- Status bool
- Enabled status for the identity provider. Default:
true
.
- access
Config IdentityProvider Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- conversion
Rules List<IdentityProvider Conversion Rule> - The identity conversion rules of the identity provider. The structure is documented below.
- description String
- Specifies the description of the identity provider.
- identity
Provider StringId - A resource ID in UUID format.
- links Map<String,String>
- Resource links of an identity mapping.
- login
Link String - The login link of the identity provider.
- mappingRules String
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- metadata String
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- name String
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- protocol String
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- status Boolean
- Enabled status for the identity provider. Default:
true
.
- access
Config IdentityProvider Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- conversion
Rules IdentityProvider Conversion Rule[] - The identity conversion rules of the identity provider. The structure is documented below.
- description string
- Specifies the description of the identity provider.
- identity
Provider stringId - A resource ID in UUID format.
- links {[key: string]: string}
- Resource links of an identity mapping.
- login
Link string - The login link of the identity provider.
- mappingRules string
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- metadata string
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- name string
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- protocol string
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- status boolean
- Enabled status for the identity provider. Default:
true
.
- access_
config IdentityProvider Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- conversion_
rules Sequence[IdentityProvider Conversion Rule Args] - The identity conversion rules of the identity provider. The structure is documented below.
- description str
- Specifies the description of the identity provider.
- identity_
provider_ strid - A resource ID in UUID format.
- links Mapping[str, str]
- Resource links of an identity mapping.
- login_
link str - The login link of the identity provider.
- mapping_rules str
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- metadata str
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- name str
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- protocol str
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- status bool
- Enabled status for the identity provider. Default:
true
.
- access
Config Property Map - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- conversion
Rules List<Property Map> - The identity conversion rules of the identity provider. The structure is documented below.
- description String
- Specifies the description of the identity provider.
- identity
Provider StringId - A resource ID in UUID format.
- links Map<String>
- Resource links of an identity mapping.
- login
Link String - The login link of the identity provider.
- mappingRules String
- Rules used to map federated users to local users. Details on mapping_rules are available in this link under the rules section.
- metadata String
- Specifies the metadata of the IDP (Identity Provider) server. This field is used to import a metadata file to IAM to implement federated identity authentication. This field is required only if the protocol is set to saml. The maximum length is 30,000 characters, and it is stored in the state using the SHA1 algorithm.
NOTE: The metadata file specifies API addresses and certificate information in compliance with the SAML 2.0 standard. It is usually stored in a file. In the TF script, you can import the metadata file through the file function, for example: metadata = file("/usr/local/data/files/metadata.txt"). Because federated authentication relies on the certificate information in this file, obtain it directly from the identity provider and review any change to it.
- name String
- Specifies the name of the identity provider to be registered. The maximum length is 64 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is unique, it is recommended to include domain name information. Changing this creates a new resource.
- protocol String
- Specifies the protocol of the identity provider. Valid values are saml and oidc.
- status Boolean
- Enabled status for the identity provider. Default:
true
.
Supporting Types
IdentityProviderAccessConfig, IdentityProviderAccessConfigArgs
- Access
Type string - Specifies the access type of the identity provider. Available options are:
- Client
Id string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- Provider
Url string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- SigningKey string
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- AuthorizationEndpoint string
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- ResponseMode string
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- ResponseType string
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- Scopes List<string>
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- Access
Type string - Specifies the access type of the identity provider. Available options are:
- Client
Id string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- Provider
Url string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- SigningKey string
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- AuthorizationEndpoint string
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- ResponseMode string
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- ResponseType string
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- Scopes []string
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type String - Specifies the access type of the identity provider. Available options are:
- client
Id String - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url String - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signingKey String
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- authorizationEndpoint String
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- responseMode String
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- responseType String
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- scopes List<String>
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type string - Specifies the access type of the identity provider. Available options are:
- client
Id string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signingKey string
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- authorizationEndpoint string
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- responseMode string
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- responseType string
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- scopes string[]
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access_
type str - Specifies the access type of the identity provider. Available options are:
- client_
id str - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider_
url str - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signing_key str
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- authorization_endpoint str
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- response_mode str
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- response_type str
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- scopes Sequence[str]
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type String - Specifies the access type of the identity provider. Available options are:
- client
Id String - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url String - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signingKey String
- Public key of the OpenID Connect identity provider, used to verify the signature of its ID tokens. This field is required only if the protocol is set to oidc.
- authorizationEndpoint String
- Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
- responseMode String
- Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
- responseType String
- Response type. The valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
- scopes List<String>
- Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.
NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
IdentityProviderConversionRule, IdentityProviderConversionRuleArgs
- Locals
List<Identity
Provider Conversion Rule Local> - The federated user information on the cloud platform.
- Remotes
List<Identity
Provider Conversion Rule Remote> - The description of the identity provider.
- Locals
[]Identity
Provider Conversion Rule Local - The federated user information on the cloud platform.
- Remotes
[]Identity
Provider Conversion Rule Remote - The description of the identity provider.
- locals
List<Identity
Provider Conversion Rule Local> - The federated user information on the cloud platform.
- remotes
List<Identity
Provider Conversion Rule Remote> - The description of the identity provider.
- locals
Identity
Provider Conversion Rule Local[] - The federated user information on the cloud platform.
- remotes
Identity
Provider Conversion Rule Remote[] - The description of the identity provider.
- locals
Sequence[Identity
Provider Conversion Rule Local] - The federated user information on the cloud platform.
- remotes
Sequence[Identity
Provider Conversion Rule Remote] - The description of the identity provider.
- locals List<Property Map>
- The federated user information on the cloud platform.
- remotes List<Property Map>
- The description of the identity provider.
IdentityProviderConversionRuleLocal, IdentityProviderConversionRuleLocalArgs
IdentityProviderConversionRuleRemote, IdentityProviderConversionRuleRemoteArgs
Import
Identity providers can be imported using the name, e.g.
$ pulumi import opentelekomcloud:index/identityProvider:IdentityProvider provider_1 example_provider_saml
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- opentelekomcloud opentelekomcloud/terraform-provider-opentelekomcloud
- License
- Notes
- This Pulumi package is based on the
opentelekomcloud
Terraform Provider.