Provides a Rancher v2 Auth Config Generic OIDC resource. This can be used to configure and enable the Generic OIDC authentication provider for Rancher v2.
In addition to the built-in local auth, only one external auth config provider can be enabled at a time.
Example Usage
This example configures Rancher to use GitLab as a Generic OIDC provider.
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";
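// Read the OIDC client secret from encrypted stack configuration instead of
// embedding it in source. `gitlabClientSecret` is an example key name; set it
// with `pulumi config set --secret gitlabClientSecret <value>`.
const config = new pulumi.Config();

// Enables the Generic OIDC auth provider in Rancher with GitLab as the issuer.
const genericOidc = new rancher2.AuthConfigGenericOidc("generic_oidc", {
    // `name` is not passed: this page lists it only as a computed output,
    // not as an input property of the resource.
    clientId: "<GITLAB_APPLICATION_ID>",
    clientSecret: config.requireSecret("gitlabClientSecret"),
    issuer: "https://gitlab.com",
    // Used as the redirect URI for the OIDC provider.
    rancherUrl: "https://<RANCHER_URL>/verify-auth",
    // `read_api` is requested on top of the default `openid profile email`;
    // keep it only if this setup needs it.
    scopes: "openid profile email read_api",
    groupsField: "groups",
    groupSearchEnabled: true,
    // accessMode is left at its default, `unrestricted`. With a public issuer
    // such as gitlab.com, consider `restricted` or `required` together with
    // allowedPrincipalIds so that sign-in is limited to known principals.
});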
import pulumi
import pulumi_rancher2 as rancher2
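# Read the OIDC client secret from encrypted stack configuration instead of
# embedding it in source. `gitlabClientSecret` is an example key name; set it
# with `pulumi config set --secret gitlabClientSecret <value>`.
config = pulumi.Config()

# Enables the Generic OIDC auth provider in Rancher with GitLab as the issuer.
generic_oidc = rancher2.AuthConfigGenericOidc(
    "generic_oidc",
    # `name` is not passed: this page lists it only as a computed output and
    # the constructor signature has no such keyword argument.
    client_id="<GITLAB_APPLICATION_ID>",
    client_secret=config.require_secret("gitlabClientSecret"),
    issuer="https://gitlab.com",
    # Used as the redirect URI for the OIDC provider.
    rancher_url="https://<RANCHER_URL>/verify-auth",
    # `read_api` is requested on top of the default `openid profile email`;
    # keep it only if this setup needs it.
    scopes="openid profile email read_api",
    groups_field="groups",
    group_search_enabled=True,
    # access_mode is left at its default, `unrestricted`. With a public issuer
    # such as gitlab.com, consider `restricted` or `required` together with
    # allowed_principal_ids so that sign-in is limited to known principals.
)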
package main
import (
"github.com/pulumi/pulumi-rancher2/sdk/v11/go/rancher2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
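// main registers the Generic OIDC auth config for Rancher with GitLab as the
// issuer and returns any error from resource registration to the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := rancher2.NewAuthConfigGenericOidc(ctx, "generic_oidc", &rancher2.AuthConfigGenericOidcArgs{
			// `Name` is not set: this page lists it only as a computed
			// output, not as an input property of the resource.
			ClientId: pulumi.String("<GITLAB_APPLICATION_ID>"),
			// Placeholder only. Load the real value from encrypted stack
			// configuration (RequireSecret in the Pulumi Go SDK's config
			// package) rather than committing it to source.
			ClientSecret: pulumi.String("<GITLAB_CLIENT_SECRET>"),
			Issuer:       pulumi.String("https://gitlab.com"),
			// Used as the redirect URI for the OIDC provider.
			RancherUrl: pulumi.String("https://<RANCHER_URL>/verify-auth"),
			// `read_api` is requested on top of the default
			// `openid profile email`; keep it only if this setup needs it.
			Scopes:             pulumi.String("openid profile email read_api"),
			GroupsField:        pulumi.String("groups"),
			GroupSearchEnabled: pulumi.Bool(true),
			// AccessMode is left at its default, `unrestricted`. With a
			// public issuer such as gitlab.com, consider `restricted` or
			// `required` together with AllowedPrincipalIds so that sign-in
			// is limited to known principals.
		})
		return err
	})
}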
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Rancher2 = Pulumi.Rancher2;
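return await Deployment.RunAsync(() =>
{
    // Read the OIDC client secret from encrypted stack configuration instead
    // of embedding it in source. "gitlabClientSecret" is an example key name;
    // set it with `pulumi config set --secret gitlabClientSecret <value>`.
    var config = new Config();

    // Enables the Generic OIDC auth provider in Rancher with GitLab as the issuer.
    var genericOidc = new Rancher2.AuthConfigGenericOidc("generic_oidc", new()
    {
        // `Name` is not set: this page lists it only as a computed output,
        // not as an input property of the resource.
        ClientId = "<GITLAB_APPLICATION_ID>",
        ClientSecret = config.RequireSecret("gitlabClientSecret"),
        Issuer = "https://gitlab.com",
        // Used as the redirect URI for the OIDC provider.
        RancherUrl = "https://<RANCHER_URL>/verify-auth",
        // `read_api` is requested on top of the default `openid profile email`;
        // keep it only if this setup needs it.
        Scopes = "openid profile email read_api",
        GroupsField = "groups",
        GroupSearchEnabled = true,
        // AccessMode is left at its default, `unrestricted`. With a public
        // issuer such as gitlab.com, consider `restricted` or `required`
        // together with AllowedPrincipalIds so that sign-in is limited to
        // known principals.
    });
});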
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.rancher2.AuthConfigGenericOidc;
import com.pulumi.rancher2.AuthConfigGenericOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
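/**
 * Pulumi program that enables the Generic OIDC auth provider in Rancher with
 * GitLab as the issuer.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the auth config resource.
     *
     * @param ctx deployment context; also used to read the stack configuration
     */
    public static void stack(Context ctx) {
        // Read the OIDC client secret from encrypted stack configuration
        // instead of embedding it in source. "gitlabClientSecret" is an
        // example key name; set it with
        // `pulumi config set --secret gitlabClientSecret <value>`.
        var clientSecret = ctx.config().requireSecret("gitlabClientSecret");

        // `name` is not set: this page lists it only as a computed output,
        // not as an input property of the resource.
        var genericOidc = new AuthConfigGenericOidc("genericOidc", AuthConfigGenericOidcArgs.builder()
            .clientId("<GITLAB_APPLICATION_ID>")
            .clientSecret(clientSecret)
            .issuer("https://gitlab.com")
            // Used as the redirect URI for the OIDC provider.
            .rancherUrl("https://<RANCHER_URL>/verify-auth")
            // `read_api` is requested on top of the default
            // `openid profile email`; keep it only if this setup needs it.
            .scopes("openid profile email read_api")
            .groupsField("groups")
            .groupSearchEnabled(true)
            // accessMode is left at its default, `unrestricted`. With a public
            // issuer such as gitlab.com, consider `restricted` or `required`
            // together with allowedPrincipalIds so that sign-in is limited to
            // known principals.
            .build());
    }
}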
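# The OIDC client secret is read from encrypted stack configuration instead of
# being written into this file. `gitlabClientSecret` is an example key name;
# set it with `pulumi config set --secret gitlabClientSecret <value>`.
config:
  gitlabClientSecret:
    type: string
    secret: true
resources:
  # Enables the Generic OIDC auth provider in Rancher with GitLab as the issuer.
  genericOidc:
    type: rancher2:AuthConfigGenericOidc
    name: generic_oidc
    properties:
      # `name` is not set here: this page lists it only as a computed output,
      # not as an input property of the resource.
      clientId: <GITLAB_APPLICATION_ID>
      clientSecret: ${gitlabClientSecret}
      issuer: https://gitlab.com
      # Used as the redirect URI for the OIDC provider.
      rancherUrl: https://<RANCHER_URL>/verify-auth
      # `read_api` is requested on top of the default `openid profile email`;
      # keep it only if this setup needs it.
      scopes: openid profile email read_api
      groupsField: groups
      groupSearchEnabled: true
      # accessMode is left at its default, `unrestricted`. With a public issuer
      # such as gitlab.com, consider `restricted` or `required` together with
      # allowedPrincipalIds so that sign-in is limited to known principals.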
Create AuthConfigGenericOidc Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthConfigGenericOidc(name: string, args: AuthConfigGenericOidcArgs, opts?: CustomResourceOptions);
@overload
def AuthConfigGenericOidc(resource_name: str,
args: AuthConfigGenericOidcArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthConfigGenericOidc(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
rancher_url: Optional[str] = None,
issuer: Optional[str] = None,
client_secret: Optional[str] = None,
group_search_enabled: Optional[bool] = None,
jwks_url: Optional[str] = None,
auth_endpoint: Optional[str] = None,
enabled: Optional[bool] = None,
access_mode: Optional[str] = None,
groups_field: Optional[str] = None,
annotations: Optional[Mapping[str, str]] = None,
certificate: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
private_key: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
userinfo_endpoint: Optional[str] = None)
func NewAuthConfigGenericOidc(ctx *Context, name string, args AuthConfigGenericOidcArgs, opts ...ResourceOption) (*AuthConfigGenericOidc, error)
public AuthConfigGenericOidc(string name, AuthConfigGenericOidcArgs args, CustomResourceOptions? opts = null)
public AuthConfigGenericOidc(String name, AuthConfigGenericOidcArgs args)
public AuthConfigGenericOidc(String name, AuthConfigGenericOidcArgs args, CustomResourceOptions options)
type: rancher2:AuthConfigGenericOidc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthConfigGenericOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthConfigGenericOidcArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthConfigGenericOidcArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthConfigGenericOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthConfigGenericOidcArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every input property with placeholder values.
var authConfigGenericOidcResource = new Rancher2.AuthConfigGenericOidc("authConfigGenericOidcResource", new()
{
    // Client registration and issuer. ClientSecret is a credential: supply it
    // from encrypted stack configuration, not a literal.
    ClientId = "string",
    ClientSecret = "string",
    Issuer = "string",
    RancherUrl = "string", // used as the redirect URI for the OIDC provider

    // Who may sign in. AccessMode defaults to `unrestricted`;
    // AllowedPrincipalIds is required for `required` or `restricted`.
    Enabled = false,
    AccessMode = "string",
    AllowedPrincipalIds = new[]
    {
        "string",
    },

    // Scopes and group claim handling.
    Scopes = "string",
    GroupsField = "string",
    GroupSearchEnabled = false,

    // Provider endpoints.
    AuthEndpoint = "string",
    TokenEndpoint = "string",
    UserinfoEndpoint = "string",
    JwksUrl = "string",

    // PEM-encoded CA certificate and private key. The private key is
    // sensitive and should be handled like ClientSecret.
    Certificate = "string",
    PrivateKey = "string",

    // Resource metadata.
    Annotations =
    {
        { "string", "string" },
    },
    Labels =
    {
        { "string", "string" },
    },
});
// Reference listing of every input property with placeholder values.
example, err := rancher2.NewAuthConfigGenericOidc(ctx, "authConfigGenericOidcResource", &rancher2.AuthConfigGenericOidcArgs{
	// Client registration and issuer. ClientSecret is a credential: supply it
	// from encrypted stack configuration, not a literal.
	ClientId:     pulumi.String("string"),
	ClientSecret: pulumi.String("string"),
	Issuer:       pulumi.String("string"),
	RancherUrl:   pulumi.String("string"), // used as the redirect URI for the OIDC provider

	// Who may sign in. AccessMode defaults to `unrestricted`;
	// AllowedPrincipalIds is required for `required` or `restricted`.
	Enabled:    pulumi.Bool(false),
	AccessMode: pulumi.String("string"),
	AllowedPrincipalIds: pulumi.StringArray{
		pulumi.String("string"),
	},

	// Scopes and group claim handling.
	Scopes:             pulumi.String("string"),
	GroupsField:        pulumi.String("string"),
	GroupSearchEnabled: pulumi.Bool(false),

	// Provider endpoints.
	AuthEndpoint:     pulumi.String("string"),
	TokenEndpoint:    pulumi.String("string"),
	UserinfoEndpoint: pulumi.String("string"),
	JwksUrl:          pulumi.String("string"),

	// PEM-encoded CA certificate and private key. The private key is
	// sensitive and should be handled like ClientSecret.
	Certificate: pulumi.String("string"),
	PrivateKey:  pulumi.String("string"),

	// Resource metadata.
	Annotations: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
// Reference listing of every input property with placeholder values.
var authConfigGenericOidcResource = new AuthConfigGenericOidc("authConfigGenericOidcResource", AuthConfigGenericOidcArgs.builder()
    // Client registration and issuer. clientSecret is a credential: supply it
    // from encrypted stack configuration, not a literal.
    .clientId("string")
    .clientSecret("string")
    .issuer("string")
    .rancherUrl("string") // used as the redirect URI for the OIDC provider
    // Who may sign in. accessMode defaults to `unrestricted`;
    // allowedPrincipalIds is required for `required` or `restricted`.
    .enabled(false)
    .accessMode("string")
    .allowedPrincipalIds("string")
    // Scopes and group claim handling.
    .scopes("string")
    .groupsField("string")
    .groupSearchEnabled(false)
    // Provider endpoints.
    .authEndpoint("string")
    .tokenEndpoint("string")
    .userinfoEndpoint("string")
    .jwksUrl("string")
    // PEM-encoded CA certificate and private key. The private key is
    // sensitive and should be handled like clientSecret.
    .certificate("string")
    .privateKey("string")
    // Resource metadata.
    .annotations(Map.of("string", "string"))
    .labels(Map.of("string", "string"))
    .build());
# Reference listing of every input property with placeholder values.
auth_config_generic_oidc_resource = rancher2.AuthConfigGenericOidc(
    "authConfigGenericOidcResource",
    # Client registration and issuer. client_secret is a credential: supply it
    # from encrypted stack configuration, not a literal.
    client_id="string",
    client_secret="string",
    issuer="string",
    rancher_url="string",  # used as the redirect URI for the OIDC provider
    # Who may sign in. access_mode defaults to `unrestricted`;
    # allowed_principal_ids is required for `required` or `restricted`.
    enabled=False,
    access_mode="string",
    allowed_principal_ids=["string"],
    # Scopes and group claim handling.
    scopes="string",
    groups_field="string",
    group_search_enabled=False,
    # Provider endpoints.
    auth_endpoint="string",
    token_endpoint="string",
    userinfo_endpoint="string",
    jwks_url="string",
    # PEM-encoded CA certificate and private key. The private key is
    # sensitive and should be handled like client_secret.
    certificate="string",
    private_key="string",
    # Resource metadata.
    annotations={
        "string": "string",
    },
    labels={
        "string": "string",
    },
)
// Reference listing of every input property with placeholder values.
const authConfigGenericOidcResource = new rancher2.AuthConfigGenericOidc("authConfigGenericOidcResource", {
    // Client registration and issuer. clientSecret is a credential: supply it
    // from encrypted stack configuration, not a literal.
    clientId: "string",
    clientSecret: "string",
    issuer: "string",
    rancherUrl: "string", // used as the redirect URI for the OIDC provider

    // Who may sign in. accessMode defaults to `unrestricted`;
    // allowedPrincipalIds is required for `required` or `restricted`.
    enabled: false,
    accessMode: "string",
    allowedPrincipalIds: ["string"],

    // Scopes and group claim handling.
    scopes: "string",
    groupsField: "string",
    groupSearchEnabled: false,

    // Provider endpoints.
    authEndpoint: "string",
    tokenEndpoint: "string",
    userinfoEndpoint: "string",
    jwksUrl: "string",

    // PEM-encoded CA certificate and private key. The private key is
    // sensitive and should be handled like clientSecret.
    certificate: "string",
    privateKey: "string",

    // Resource metadata.
    annotations: {
        string: "string",
    },
    labels: {
        string: "string",
    },
});
# Reference listing of every input property with placeholder values.
type: rancher2:AuthConfigGenericOidc
properties:
  # Client registration and issuer. clientSecret is a credential: supply it
  # from encrypted stack configuration, not a literal.
  clientId: string
  clientSecret: string
  issuer: string
  rancherUrl: string  # used as the redirect URI for the OIDC provider
  # Who may sign in. accessMode defaults to `unrestricted`;
  # allowedPrincipalIds is required for `required` or `restricted`.
  enabled: false
  accessMode: string
  allowedPrincipalIds:
    - string
  # Scopes and group claim handling.
  scopes: string
  groupsField: string
  groupSearchEnabled: false
  # Provider endpoints.
  authEndpoint: string
  tokenEndpoint: string
  userinfoEndpoint: string
  jwksUrl: string
  # PEM-encoded CA certificate and private key. The private key is
  # sensitive and should be handled like clientSecret.
  certificate: string
  privateKey: string
  # Resource metadata.
  annotations:
    string: string
  labels:
    string: string
AuthConfigGenericOidc Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthConfigGenericOidc resource accepts the following input properties:
- ClientId string
- The OIDC Client ID.
- ClientSecret string
- The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- RancherUrl string
- The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- AccessMode string
- Access mode for auth. `required`, `restricted`, `unrestricted` are supported. Default `unrestricted` (string)
- AllowedPrincipalIds List<string>
- Allowed principal IDs for auth. Required if `access_mode` is `required` or `restricted`. Ex: `genericoidc_user://<USER_ID>` `genericoidc_group://<GROUP_ID>` (list)
- Annotations Dictionary<string, string>
- Annotations of the resource (map)
- AuthEndpoint string
- The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Enabled bool
- Enable the auth config provider. Default `true` (bool)
- GroupSearchEnabled bool
- Enable group search. Default `false` (bool)
- GroupsField string
- The name of the OIDC claim to use for the user's group memberships. Default `groups` (string)
- JwksUrl string
- The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource (map)
- PrivateKey string
- A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to `openid profile email` (string)
- TokenEndpoint string
- The OIDC Token Endpoint URL.
- UserinfoEndpoint string
- The OIDC User Info Endpoint URL.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Access
Mode string - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - Allowed
Principal []stringIds - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - Annotations map[string]string
- Annotations of the resource (map)
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Enabled bool
- Enable the auth config provider. Default
true(bool) - Group
Search boolEnabled - Enable group search. Default
false(bool) - Groups
Field string - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource (map)
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email(string) - Token
Endpoint string - The OIDC Token Endpoint URL.
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal List<String>Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Map<String,String>
- Annotations of the resource (map)
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- enabled Boolean
- Enable the auth config provider. Default
true(bool) - group
Search BooleanEnabled - Enable group search. Default
false(bool) - groups
Field String - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource (map)
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- issuer string
- The OIDC issuer URL.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode string - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal string[]Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations {[key: string]: string}
- Annotations of the resource (map)
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- enabled boolean
- Enable the auth config provider. Default
true(bool) - group
Search booleanEnabled - Enable group search. Default
false(bool) - groups
Field string - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource (map)
- private
Key string - A PEM-encoded private key for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint string - The OIDC Token Endpoint URL.
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- issuer str
- The OIDC issuer URL.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access_
mode str - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed_
principal_ Sequence[str]ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Mapping[str, str]
- Annotations of the resource (map)
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- enabled bool
- Enable the auth config provider. Default
true(bool) - group_
search_ boolenabled - Enable group search. Default
false(bool) - groups_
field str - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource (map)
- private_
key str - A PEM-encoded private key for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email(string) - token_
endpoint str - The OIDC Token Endpoint URL.
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal List<String>Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Map<String>
- Annotations of the resource (map)
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- enabled Boolean
- Enable the auth config provider. Default
true(bool) - group
Search BooleanEnabled - Enable group search. Default
false(bool) - groups
Field String - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource (map)
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthConfigGenericOidc resource produces the following output properties:
Look up Existing AuthConfigGenericOidc Resource
Get an existing AuthConfigGenericOidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthConfigGenericOidcState, opts?: CustomResourceOptions): AuthConfigGenericOidc
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_mode: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, str]] = None,
auth_endpoint: Optional[str] = None,
certificate: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
enabled: Optional[bool] = None,
group_search_enabled: Optional[bool] = None,
groups_field: Optional[str] = None,
issuer: Optional[str] = None,
jwks_url: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
private_key: Optional[str] = None,
rancher_url: Optional[str] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
type: Optional[str] = None,
userinfo_endpoint: Optional[str] = None) -> AuthConfigGenericOidc
func GetAuthConfigGenericOidc(ctx *Context, name string, id IDInput, state *AuthConfigGenericOidcState, opts ...ResourceOption) (*AuthConfigGenericOidc, error)
public static AuthConfigGenericOidc Get(string name, Input<string> id, AuthConfigGenericOidcState? state, CustomResourceOptions? opts = null)
public static AuthConfigGenericOidc get(String name, Output<String> id, AuthConfigGenericOidcState state, CustomResourceOptions options)
resources:
  _:
    type: rancher2:AuthConfigGenericOidc
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Mode string - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - Allowed
Principal List<string>Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - Annotations Dictionary<string, string>
- Annotations of the resource (map)
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Enabled bool
- Enable the auth config provider. Default
true(bool) - Group
Search boolEnabled - Enable group search. Default
false(bool) - Groups
Field string - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource (map)
- Name string
- (Computed) The name of the resource (string)
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email(string) - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- (Computed) The type of the resource (string)
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- Access
Mode string - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - Allowed
Principal []stringIds - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - Annotations map[string]string
- Annotations of the resource (map)
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Enabled bool
- Enable the auth config provider. Default
true(bool) - Group
Search boolEnabled - Enable group search. Default
false(bool) - Groups
Field string - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource (map)
- Name string
- (Computed) The name of the resource (string)
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email(string) - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- (Computed) The type of the resource (string)
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access
Mode String - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal List<String>Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Map<String,String>
- Annotations of the resource (map)
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- enabled Boolean
- Enable the auth config provider. Default
true(bool) - group
Search BooleanEnabled - Enable group search. Default
false(bool) - groups
Field String - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource (map)
- name String
- (Computed) The name of the resource (string)
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- (Computed) The type of the resource (string)
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- access
Mode string - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal string[]Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations {[key: string]: string}
- Annotations of the resource (map)
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- enabled boolean
- Enable the auth config provider. Default
true(bool) - group
Search booleanEnabled - Enable group search. Default
false(bool) - groups
Field string - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - issuer string
- The OIDC issuer URL.
- jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource (map)
- name string
- (Computed) The name of the resource (string)
- private
Key string - A PEM-encoded private key for the OIDC provider.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint string - The OIDC Token Endpoint URL.
- type string
- (Computed) The type of the resource (string)
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access_
mode str - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed_
principal_ Sequence[str]ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Mapping[str, str]
- Annotations of the resource (map)
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- enabled bool
- Enable the auth config provider. Default
true(bool) - group_
search_ boolenabled - Enable group search. Default
false(bool) - groups_
field str - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - issuer str
- The OIDC issuer URL.
- jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource (map)
- name str
- (Computed) The name of the resource (string)
- private_
key str - A PEM-encoded private key for the OIDC provider.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email(string) - token_
endpoint str - The OIDC Token Endpoint URL.
- type str
- (Computed) The type of the resource (string)
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- access
Mode String - Access mode for auth.
required,restricted,unrestrictedare supported. Defaultunrestricted(string) - allowed
Principal List<String>Ids - Allowed principal IDs for auth. Required if
access_modeisrequiredorrestricted. Ex:genericoidc_user://<USER_ID>genericoidc_group://<GROUP_ID>(list) - annotations Map<String>
- Annotations of the resource (map)
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- enabled Boolean
- Enable the auth config provider. Default
true(bool) - group
Search BooleanEnabled - Enable group search. Default
false(bool) - groups
Field String - The name of the OIDC claim to use for the user's group memberships. Default
groups(string) - issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource (map)
- name String
- (Computed) The name of the resource (string)
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email(string) - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- (Computed) The type of the resource (string)
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Import
Generic OIDC auth config can be imported using its name.
$ pulumi import rancher2:index/authConfigGenericOidc:AuthConfigGenericOidc generic_oidc genericoidc
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `rancher2` Terraform Provider.
