Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
Create AuthConfigCognito Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthConfigCognito(name: string, args: AuthConfigCognitoArgs, opts?: CustomResourceOptions);@overload
def AuthConfigCognito(resource_name: str,
args: AuthConfigCognitoArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthConfigCognito(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
rancher_url: Optional[str] = None,
issuer: Optional[str] = None,
client_secret: Optional[str] = None,
group_search_enabled: Optional[bool] = None,
jwks_url: Optional[str] = None,
auth_endpoint: Optional[str] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
end_session_endpoint: Optional[str] = None,
access_mode: Optional[str] = None,
groups_field: Optional[str] = None,
annotations: Optional[Mapping[str, str]] = None,
certificate: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
logout_all_enabled: Optional[bool] = None,
logout_all_forced: Optional[bool] = None,
name_claim: Optional[str] = None,
private_key: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
userinfo_endpoint: Optional[str] = None)func NewAuthConfigCognito(ctx *Context, name string, args AuthConfigCognitoArgs, opts ...ResourceOption) (*AuthConfigCognito, error)public AuthConfigCognito(string name, AuthConfigCognitoArgs args, CustomResourceOptions? opts = null)
public AuthConfigCognito(String name, AuthConfigCognitoArgs args)
public AuthConfigCognito(String name, AuthConfigCognitoArgs args, CustomResourceOptions options)
type: rancher2:AuthConfigCognito
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthConfigCognitoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthConfigCognitoArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthConfigCognitoArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthConfigCognitoArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthConfigCognitoArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authConfigCognitoResource = new Rancher2.AuthConfigCognito("authConfigCognitoResource", new()
{
ClientId = "string",
RancherUrl = "string",
Issuer = "string",
ClientSecret = "string",
GroupSearchEnabled = false,
JwksUrl = "string",
AuthEndpoint = "string",
EmailClaim = "string",
Enabled = false,
EndSessionEndpoint = "string",
AccessMode = "string",
GroupsField = "string",
Annotations =
{
{ "string", "string" },
},
Certificate = "string",
Labels =
{
{ "string", "string" },
},
LogoutAllEnabled = false,
LogoutAllForced = false,
NameClaim = "string",
PrivateKey = "string",
AllowedPrincipalIds = new[]
{
"string",
},
Scopes = "string",
TokenEndpoint = "string",
UserinfoEndpoint = "string",
});
example, err := rancher2.NewAuthConfigCognito(ctx, "authConfigCognitoResource", &rancher2.AuthConfigCognitoArgs{
ClientId: pulumi.String("string"),
RancherUrl: pulumi.String("string"),
Issuer: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
GroupSearchEnabled: pulumi.Bool(false),
JwksUrl: pulumi.String("string"),
AuthEndpoint: pulumi.String("string"),
EmailClaim: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EndSessionEndpoint: pulumi.String("string"),
AccessMode: pulumi.String("string"),
GroupsField: pulumi.String("string"),
Annotations: pulumi.StringMap{
"string": pulumi.String("string"),
},
Certificate: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
LogoutAllEnabled: pulumi.Bool(false),
LogoutAllForced: pulumi.Bool(false),
NameClaim: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
AllowedPrincipalIds: pulumi.StringArray{
pulumi.String("string"),
},
Scopes: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserinfoEndpoint: pulumi.String("string"),
})
var authConfigCognitoResource = new AuthConfigCognito("authConfigCognitoResource", AuthConfigCognitoArgs.builder()
.clientId("string")
.rancherUrl("string")
.issuer("string")
.clientSecret("string")
.groupSearchEnabled(false)
.jwksUrl("string")
.authEndpoint("string")
.emailClaim("string")
.enabled(false)
.endSessionEndpoint("string")
.accessMode("string")
.groupsField("string")
.annotations(Map.of("string", "string"))
.certificate("string")
.labels(Map.of("string", "string"))
.logoutAllEnabled(false)
.logoutAllForced(false)
.nameClaim("string")
.privateKey("string")
.allowedPrincipalIds("string")
.scopes("string")
.tokenEndpoint("string")
.userinfoEndpoint("string")
.build());
auth_config_cognito_resource = rancher2.AuthConfigCognito("authConfigCognitoResource",
client_id="string",
rancher_url="string",
issuer="string",
client_secret="string",
group_search_enabled=False,
jwks_url="string",
auth_endpoint="string",
email_claim="string",
enabled=False,
end_session_endpoint="string",
access_mode="string",
groups_field="string",
annotations={
"string": "string",
},
certificate="string",
labels={
"string": "string",
},
logout_all_enabled=False,
logout_all_forced=False,
name_claim="string",
private_key="string",
allowed_principal_ids=["string"],
scopes="string",
token_endpoint="string",
userinfo_endpoint="string")
const authConfigCognitoResource = new rancher2.AuthConfigCognito("authConfigCognitoResource", {
clientId: "string",
rancherUrl: "string",
issuer: "string",
clientSecret: "string",
groupSearchEnabled: false,
jwksUrl: "string",
authEndpoint: "string",
emailClaim: "string",
enabled: false,
endSessionEndpoint: "string",
accessMode: "string",
groupsField: "string",
annotations: {
string: "string",
},
certificate: "string",
labels: {
string: "string",
},
logoutAllEnabled: false,
logoutAllForced: false,
nameClaim: "string",
privateKey: "string",
allowedPrincipalIds: ["string"],
scopes: "string",
tokenEndpoint: "string",
userinfoEndpoint: "string",
});
type: rancher2:AuthConfigCognito
properties:
accessMode: string
allowedPrincipalIds:
- string
annotations:
string: string
authEndpoint: string
certificate: string
clientId: string
clientSecret: string
emailClaim: string
enabled: false
endSessionEndpoint: string
groupSearchEnabled: false
groupsField: string
issuer: string
jwksUrl: string
labels:
string: string
logoutAllEnabled: false
logoutAllForced: false
nameClaim: string
privateKey: string
rancherUrl: string
scopes: string
tokenEndpoint: string
userinfoEndpoint: string
AuthConfigCognito Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthConfigCognito resource accepts the following input properties:
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Access
Mode string - Allowed
Principal List<string>Ids - Annotations Dictionary<string, string>
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Jwks
Url string - The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Access
Mode string - Allowed
Principal []stringIds - Annotations map[string]string
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String,String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- issuer string
- The OIDC issuer URL.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode string - allowed
Principal string[]Ids - annotations {[key: string]: string}
- Annotations of the resource
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim string - The OIDC Claim to use for the user email.
- enabled boolean
- end
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search booleanEnabled - Enable group search.
- groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource
- logout
All booleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All booleanForced - Force the user to logout of their session with the IdP.
- name
Claim string - The OIDC Claim to use for the user name.
- private
Key string - A PEM-encoded private key for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint string - The OIDC Token Endpoint URL.
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- issuer str
- The OIDC issuer URL.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access_
mode str - allowed_
principal_ Sequence[str]ids - annotations Mapping[str, str]
- Annotations of the resource
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- email_
claim str - The OIDC Claim to use for the user email.
- enabled bool
- end_
session_ strendpoint - The provider specific URL used for logging a user out of their session.
- group_
search_ boolenabled - Enable group search.
- groups_
field str - The name of the OIDC claim to use for the user's group memberships.
- jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource
- logout_
all_ boolenabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout_
all_ boolforced - Force the user to logout of their session with the IdP.
- name_
claim str - The OIDC Claim to use for the user name.
- private_
key str - A PEM-encoded private key for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email. - token_
endpoint str - The OIDC Token Endpoint URL.
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthConfigCognito resource produces the following output properties:
Look up Existing AuthConfigCognito Resource
Get an existing AuthConfigCognito resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthConfigCognitoState, opts?: CustomResourceOptions): AuthConfigCognito@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_mode: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, str]] = None,
auth_endpoint: Optional[str] = None,
certificate: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
end_session_endpoint: Optional[str] = None,
group_search_enabled: Optional[bool] = None,
groups_field: Optional[str] = None,
issuer: Optional[str] = None,
jwks_url: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
logout_all_enabled: Optional[bool] = None,
logout_all_forced: Optional[bool] = None,
name: Optional[str] = None,
name_claim: Optional[str] = None,
private_key: Optional[str] = None,
rancher_url: Optional[str] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
type: Optional[str] = None,
userinfo_endpoint: Optional[str] = None) -> AuthConfigCognitofunc GetAuthConfigCognito(ctx *Context, name string, id IDInput, state *AuthConfigCognitoState, opts ...ResourceOption) (*AuthConfigCognito, error)public static AuthConfigCognito Get(string name, Input<string> id, AuthConfigCognitoState? state, CustomResourceOptions? opts = null)public static AuthConfigCognito get(String name, Output<String> id, AuthConfigCognitoState state, CustomResourceOptions options)resources: _: type: rancher2:AuthConfigCognito get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Mode string - Allowed
Principal List<string>Ids - Annotations Dictionary<string, string>
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name string
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- Access
Mode string - Allowed
Principal []stringIds - Annotations map[string]string
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name string
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String,String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name String
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- access
Mode string - allowed
Principal string[]Ids - annotations {[key: string]: string}
- Annotations of the resource
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- email
Claim string - The OIDC Claim to use for the user email.
- enabled boolean
- end
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search booleanEnabled - Enable group search.
- groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- issuer string
- The OIDC issuer URL.
- jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource
- logout
All booleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All booleanForced - Force the user to logout of their session with the IdP.
- name string
- name
Claim string - The OIDC Claim to use for the user name.
- private
Key string - A PEM-encoded private key for the OIDC provider.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint string - The OIDC Token Endpoint URL.
- type string
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access_
mode str - allowed_
principal_ Sequence[str]ids - annotations Mapping[str, str]
- Annotations of the resource
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- email_
claim str - The OIDC Claim to use for the user email.
- enabled bool
- end_
session_ strendpoint - The provider specific URL used for logging a user out of their session.
- group_
search_ boolenabled - Enable group search.
- groups_
field str - The name of the OIDC claim to use for the user's group memberships.
- issuer str
- The OIDC issuer URL.
- jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource
- logout_
all_ boolenabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout_
all_ boolforced - Force the user to logout of their session with the IdP.
- name str
- name_
claim str - The OIDC Claim to use for the user name.
- private_
key str - A PEM-encoded private key for the OIDC provider.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email. - token_
endpoint str - The OIDC Token Endpoint URL.
- type str
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name String
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
rancher2Terraform Provider.
Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
