Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
Create AuthConfigKeycloakOidc Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthConfigKeycloakOidc(name: string, args: AuthConfigKeycloakOidcArgs, opts?: CustomResourceOptions);@overload
def AuthConfigKeycloakOidc(resource_name: str,
args: AuthConfigKeycloakOidcArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthConfigKeycloakOidc(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
rancher_url: Optional[str] = None,
issuer: Optional[str] = None,
client_secret: Optional[str] = None,
group_search_enabled: Optional[bool] = None,
jwks_url: Optional[str] = None,
auth_endpoint: Optional[str] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
end_session_endpoint: Optional[str] = None,
access_mode: Optional[str] = None,
groups_field: Optional[str] = None,
annotations: Optional[Mapping[str, str]] = None,
certificate: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
logout_all_enabled: Optional[bool] = None,
logout_all_forced: Optional[bool] = None,
name_claim: Optional[str] = None,
private_key: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
userinfo_endpoint: Optional[str] = None)func NewAuthConfigKeycloakOidc(ctx *Context, name string, args AuthConfigKeycloakOidcArgs, opts ...ResourceOption) (*AuthConfigKeycloakOidc, error)public AuthConfigKeycloakOidc(string name, AuthConfigKeycloakOidcArgs args, CustomResourceOptions? opts = null)
public AuthConfigKeycloakOidc(String name, AuthConfigKeycloakOidcArgs args)
public AuthConfigKeycloakOidc(String name, AuthConfigKeycloakOidcArgs args, CustomResourceOptions options)
type: rancher2:AuthConfigKeycloakOidc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthConfigKeycloakOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthConfigKeycloakOidcArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthConfigKeycloakOidcArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthConfigKeycloakOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthConfigKeycloakOidcArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var authConfigKeycloakOidcResource = new Rancher2.AuthConfigKeycloakOidc("authConfigKeycloakOidcResource", new()
{
ClientId = "string",
RancherUrl = "string",
Issuer = "string",
ClientSecret = "string",
GroupSearchEnabled = false,
JwksUrl = "string",
AuthEndpoint = "string",
EmailClaim = "string",
Enabled = false,
EndSessionEndpoint = "string",
AccessMode = "string",
GroupsField = "string",
Annotations =
{
{ "string", "string" },
},
Certificate = "string",
Labels =
{
{ "string", "string" },
},
LogoutAllEnabled = false,
LogoutAllForced = false,
NameClaim = "string",
PrivateKey = "string",
AllowedPrincipalIds = new[]
{
"string",
},
Scopes = "string",
TokenEndpoint = "string",
UserinfoEndpoint = "string",
});
example, err := rancher2.NewAuthConfigKeycloakOidc(ctx, "authConfigKeycloakOidcResource", &rancher2.AuthConfigKeycloakOidcArgs{
ClientId: pulumi.String("string"),
RancherUrl: pulumi.String("string"),
Issuer: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
GroupSearchEnabled: pulumi.Bool(false),
JwksUrl: pulumi.String("string"),
AuthEndpoint: pulumi.String("string"),
EmailClaim: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EndSessionEndpoint: pulumi.String("string"),
AccessMode: pulumi.String("string"),
GroupsField: pulumi.String("string"),
Annotations: pulumi.StringMap{
"string": pulumi.String("string"),
},
Certificate: pulumi.String("string"),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
LogoutAllEnabled: pulumi.Bool(false),
LogoutAllForced: pulumi.Bool(false),
NameClaim: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
AllowedPrincipalIds: pulumi.StringArray{
pulumi.String("string"),
},
Scopes: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserinfoEndpoint: pulumi.String("string"),
})
var authConfigKeycloakOidcResource = new AuthConfigKeycloakOidc("authConfigKeycloakOidcResource", AuthConfigKeycloakOidcArgs.builder()
.clientId("string")
.rancherUrl("string")
.issuer("string")
.clientSecret("string")
.groupSearchEnabled(false)
.jwksUrl("string")
.authEndpoint("string")
.emailClaim("string")
.enabled(false)
.endSessionEndpoint("string")
.accessMode("string")
.groupsField("string")
.annotations(Map.of("string", "string"))
.certificate("string")
.labels(Map.of("string", "string"))
.logoutAllEnabled(false)
.logoutAllForced(false)
.nameClaim("string")
.privateKey("string")
.allowedPrincipalIds("string")
.scopes("string")
.tokenEndpoint("string")
.userinfoEndpoint("string")
.build());
auth_config_keycloak_oidc_resource = rancher2.AuthConfigKeycloakOidc("authConfigKeycloakOidcResource",
client_id="string",
rancher_url="string",
issuer="string",
client_secret="string",
group_search_enabled=False,
jwks_url="string",
auth_endpoint="string",
email_claim="string",
enabled=False,
end_session_endpoint="string",
access_mode="string",
groups_field="string",
annotations={
"string": "string",
},
certificate="string",
labels={
"string": "string",
},
logout_all_enabled=False,
logout_all_forced=False,
name_claim="string",
private_key="string",
allowed_principal_ids=["string"],
scopes="string",
token_endpoint="string",
userinfo_endpoint="string")
const authConfigKeycloakOidcResource = new rancher2.AuthConfigKeycloakOidc("authConfigKeycloakOidcResource", {
clientId: "string",
rancherUrl: "string",
issuer: "string",
clientSecret: "string",
groupSearchEnabled: false,
jwksUrl: "string",
authEndpoint: "string",
emailClaim: "string",
enabled: false,
endSessionEndpoint: "string",
accessMode: "string",
groupsField: "string",
annotations: {
string: "string",
},
certificate: "string",
labels: {
string: "string",
},
logoutAllEnabled: false,
logoutAllForced: false,
nameClaim: "string",
privateKey: "string",
allowedPrincipalIds: ["string"],
scopes: "string",
tokenEndpoint: "string",
userinfoEndpoint: "string",
});
type: rancher2:AuthConfigKeycloakOidc
properties:
accessMode: string
allowedPrincipalIds:
- string
annotations:
string: string
authEndpoint: string
certificate: string
clientId: string
clientSecret: string
emailClaim: string
enabled: false
endSessionEndpoint: string
groupSearchEnabled: false
groupsField: string
issuer: string
jwksUrl: string
labels:
string: string
logoutAllEnabled: false
logoutAllForced: false
nameClaim: string
privateKey: string
rancherUrl: string
scopes: string
tokenEndpoint: string
userinfoEndpoint: string
AuthConfigKeycloakOidc Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthConfigKeycloakOidc resource accepts the following input properties:
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Access
Mode string - Allowed
Principal List<string>Ids - Annotations Dictionary<string, string>
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Jwks
Url string - The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Issuer string
- The OIDC issuer URL.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Access
Mode string - Allowed
Principal []stringIds - Annotations map[string]string
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String,String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- issuer string
- The OIDC issuer URL.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode string - allowed
Principal string[]Ids - annotations {[key: string]: string}
- Annotations of the resource
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim string - The OIDC Claim to use for the user email.
- enabled boolean
- end
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search booleanEnabled - Enable group search.
- groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource
- logout
All booleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All booleanForced - Force the user to logout of their session with the IdP.
- name
Claim string - The OIDC Claim to use for the user name.
- private
Key string - A PEM-encoded private key for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint string - The OIDC Token Endpoint URL.
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- issuer str
- The OIDC issuer URL.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access_
mode str - allowed_
principal_ Sequence[str]ids - annotations Mapping[str, str]
- Annotations of the resource
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- email_
claim str - The OIDC Claim to use for the user email.
- enabled bool
- end_
session_ strendpoint - The provider specific URL used for logging a user out of their session.
- group_
search_ boolenabled - Enable group search.
- groups_
field str - The name of the OIDC claim to use for the user's group memberships.
- jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource
- logout_
all_ boolenabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout_
all_ boolforced - Force the user to logout of their session with the IdP.
- name_
claim str - The OIDC Claim to use for the user name.
- private_
key str - A PEM-encoded private key for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email. - token_
endpoint str - The OIDC Token Endpoint URL.
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- issuer String
- The OIDC issuer URL.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthConfigKeycloakOidc resource produces the following output properties:
Look up Existing AuthConfigKeycloakOidc Resource
Get an existing AuthConfigKeycloakOidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthConfigKeycloakOidcState, opts?: CustomResourceOptions): AuthConfigKeycloakOidc@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_mode: Optional[str] = None,
allowed_principal_ids: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, str]] = None,
auth_endpoint: Optional[str] = None,
certificate: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
email_claim: Optional[str] = None,
enabled: Optional[bool] = None,
end_session_endpoint: Optional[str] = None,
group_search_enabled: Optional[bool] = None,
groups_field: Optional[str] = None,
issuer: Optional[str] = None,
jwks_url: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
logout_all_enabled: Optional[bool] = None,
logout_all_forced: Optional[bool] = None,
name: Optional[str] = None,
name_claim: Optional[str] = None,
private_key: Optional[str] = None,
rancher_url: Optional[str] = None,
scopes: Optional[str] = None,
token_endpoint: Optional[str] = None,
type: Optional[str] = None,
userinfo_endpoint: Optional[str] = None) -> AuthConfigKeycloakOidcfunc GetAuthConfigKeycloakOidc(ctx *Context, name string, id IDInput, state *AuthConfigKeycloakOidcState, opts ...ResourceOption) (*AuthConfigKeycloakOidc, error)public static AuthConfigKeycloakOidc Get(string name, Input<string> id, AuthConfigKeycloakOidcState? state, CustomResourceOptions? opts = null)public static AuthConfigKeycloakOidc get(String name, Output<String> id, AuthConfigKeycloakOidcState state, CustomResourceOptions options)resources: _: type: rancher2:AuthConfigKeycloakOidc get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Mode string - Allowed
Principal List<string>Ids - Annotations Dictionary<string, string>
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels Dictionary<string, string>
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name string
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- Access
Mode string - Allowed
Principal []stringIds - Annotations map[string]string
- Annotations of the resource
- Auth
Endpoint string - The OIDC Auth Endpoint URL.
- Certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- Client
Id string - The OIDC Client ID.
- Client
Secret string - The OIDC Client Secret.
- Email
Claim string - The OIDC Claim to use for the user email.
- Enabled bool
- End
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- Group
Search boolEnabled - Enable group search.
- Groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- Issuer string
- The OIDC issuer URL.
- Jwks
Url string - The OIDC JWKS URL.
- Labels map[string]string
- Labels of the resource
- Logout
All boolEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- Logout
All boolForced - Force the user to logout of their session with the IdP.
- Name string
- Name
Claim string - The OIDC Claim to use for the user name.
- Private
Key string - A PEM-encoded private key for the OIDC provider.
- Rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- Scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - Token
Endpoint string - The OIDC Token Endpoint URL.
- Type string
- Userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String,String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String,String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name String
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
- access
Mode string - allowed
Principal string[]Ids - annotations {[key: string]: string}
- Annotations of the resource
- auth
Endpoint string - The OIDC Auth Endpoint URL.
- certificate string
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id string - The OIDC Client ID.
- client
Secret string - The OIDC Client Secret.
- email
Claim string - The OIDC Claim to use for the user email.
- enabled boolean
- end
Session stringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search booleanEnabled - Enable group search.
- groups
Field string - The name of the OIDC claim to use for the user's group memberships.
- issuer string
- The OIDC issuer URL.
- jwks
Url string - The OIDC JWKS URL.
- labels {[key: string]: string}
- Labels of the resource
- logout
All booleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All booleanForced - Force the user to logout of their session with the IdP.
- name string
- name
Claim string - The OIDC Claim to use for the user name.
- private
Key string - A PEM-encoded private key for the OIDC provider.
- rancher
Url string - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes string
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint string - The OIDC Token Endpoint URL.
- type string
- userinfo
Endpoint string - The OIDC User Info Endpoint URL.
- access_
mode str - allowed_
principal_ Sequence[str]ids - annotations Mapping[str, str]
- Annotations of the resource
- auth_
endpoint str - The OIDC Auth Endpoint URL.
- certificate str
- A PEM-encoded CA certificate for the OIDC provider.
- client_
id str - The OIDC Client ID.
- client_
secret str - The OIDC Client Secret.
- email_
claim str - The OIDC Claim to use for the user email.
- enabled bool
- end_
session_ strendpoint - The provider specific URL used for logging a user out of their session.
- group_
search_ boolenabled - Enable group search.
- groups_
field str - The name of the OIDC claim to use for the user's group memberships.
- issuer str
- The OIDC issuer URL.
- jwks_
url str - The OIDC JWKS URL.
- labels Mapping[str, str]
- Labels of the resource
- logout_
all_ boolenabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout_
all_ boolforced - Force the user to logout of their session with the IdP.
- name str
- name_
claim str - The OIDC Claim to use for the user name.
- private_
key str - A PEM-encoded private key for the OIDC provider.
- rancher_
url str - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes str
- The OIDC scopes to request. Defaults to
openid profile email. - token_
endpoint str - The OIDC Token Endpoint URL.
- type str
- userinfo_
endpoint str - The OIDC User Info Endpoint URL.
- access
Mode String - allowed
Principal List<String>Ids - annotations Map<String>
- Annotations of the resource
- auth
Endpoint String - The OIDC Auth Endpoint URL.
- certificate String
- A PEM-encoded CA certificate for the OIDC provider.
- client
Id String - The OIDC Client ID.
- client
Secret String - The OIDC Client Secret.
- email
Claim String - The OIDC Claim to use for the user email.
- enabled Boolean
- end
Session StringEndpoint - The provider specific URL used for logging a user out of their session.
- group
Search BooleanEnabled - Enable group search.
- groups
Field String - The name of the OIDC claim to use for the user's group memberships.
- issuer String
- The OIDC issuer URL.
- jwks
Url String - The OIDC JWKS URL.
- labels Map<String>
- Labels of the resource
- logout
All BooleanEnabled - Allow the user to choose whether or not to logout of their session with the IdP.
- logout
All BooleanForced - Force the user to logout of their session with the IdP.
- name String
- name
Claim String - The OIDC Claim to use for the user name.
- private
Key String - A PEM-encoded private key for the OIDC provider.
- rancher
Url String - The URL of the Rancher server. This is used as the redirect URI for the OIDC provider.
- scopes String
- The OIDC scopes to request. Defaults to
openid profile email. - token
Endpoint String - The OIDC Token Endpoint URL.
- type String
- userinfo
Endpoint String - The OIDC User Info Endpoint URL.
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
rancher2Terraform Provider.
Viewing docs for Rancher 2 v12.0.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
