Rancher 2 v4.0.0, Apr 20 23

rancher2.AuthConfigOkta

Explore with Pulumi AI

Provides a Rancher v2 Auth Config OKTA resource. This can be used to configure and enable Auth Config OKTA for Rancher v2 RKE clusters and retrieve their information.

In addition to the built-in local auth, only one external auth config provider can be enabled at a time.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Rancher2 = Pulumi.Rancher2;

return await Deployment.RunAsync(() => 
{
    // Create a new rancher2 Auth Config OKTA
    var okta = new Rancher2.AuthConfigOkta("okta", new()
    {
        DisplayNameField = "<DISPLAY_NAME_FIELD>",
        GroupsField = "<GROUPS_FIELD>",
        IdpMetadataContent = "<IDP_METADATA_CONTENT>",
        RancherApiHost = "https://<RANCHER_API_HOST>",
        SpCert = "<SP_CERT>",
        SpKey = "<SP_KEY>",
        UidField = "<UID_FIELD>",
        UserNameField = "<USER_NAME_FIELD>",
    });

});

package main

import (
	"github.com/pulumi/pulumi-rancher2/sdk/v4/go/rancher2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := rancher2.NewAuthConfigOkta(ctx, "okta", &rancher2.AuthConfigOktaArgs{
			DisplayNameField:   pulumi.String("<DISPLAY_NAME_FIELD>"),
			GroupsField:        pulumi.String("<GROUPS_FIELD>"),
			IdpMetadataContent: pulumi.String("<IDP_METADATA_CONTENT>"),
			RancherApiHost:     pulumi.String("https://<RANCHER_API_HOST>"),
			SpCert:             pulumi.String("<SP_CERT>"),
			SpKey:              pulumi.String("<SP_KEY>"),
			UidField:           pulumi.String("<UID_FIELD>"),
			UserNameField:      pulumi.String("<USER_NAME_FIELD>"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.rancher2.AuthConfigOkta;
import com.pulumi.rancher2.AuthConfigOktaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var okta = new AuthConfigOkta("okta", AuthConfigOktaArgs.builder()        
            .displayNameField("<DISPLAY_NAME_FIELD>")
            .groupsField("<GROUPS_FIELD>")
            .idpMetadataContent("<IDP_METADATA_CONTENT>")
            .rancherApiHost("https://<RANCHER_API_HOST>")
            .spCert("<SP_CERT>")
            .spKey("<SP_KEY>")
            .uidField("<UID_FIELD>")
            .userNameField("<USER_NAME_FIELD>")
            .build());

    }
}

import pulumi
import pulumi_rancher2 as rancher2

# Create a new rancher2 Auth Config OKTA
okta = rancher2.AuthConfigOkta("okta",
    display_name_field="<DISPLAY_NAME_FIELD>",
    groups_field="<GROUPS_FIELD>",
    idp_metadata_content="<IDP_METADATA_CONTENT>",
    rancher_api_host="https://<RANCHER_API_HOST>",
    sp_cert="<SP_CERT>",
    sp_key="<SP_KEY>",
    uid_field="<UID_FIELD>",
    user_name_field="<USER_NAME_FIELD>")

import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";

// Create a new rancher2 Auth Config OKTA
const okta = new rancher2.AuthConfigOkta("okta", {
    displayNameField: "<DISPLAY_NAME_FIELD>",
    groupsField: "<GROUPS_FIELD>",
    idpMetadataContent: "<IDP_METADATA_CONTENT>",
    rancherApiHost: "https://<RANCHER_API_HOST>",
    spCert: "<SP_CERT>",
    spKey: "<SP_KEY>",
    uidField: "<UID_FIELD>",
    userNameField: "<USER_NAME_FIELD>",
});

resources:
  # Create a new rancher2 Auth Config OKTA
  okta:
    type: rancher2:AuthConfigOkta
    properties:
      displayNameField: <DISPLAY_NAME_FIELD>
      groupsField: <GROUPS_FIELD>
      idpMetadataContent: <IDP_METADATA_CONTENT>
      rancherApiHost: https://<RANCHER_API_HOST>
      spCert: <SP_CERT>
      spKey: <SP_KEY>
      uidField: <UID_FIELD>
      userNameField: <USER_NAME_FIELD>

Create AuthConfigOkta Resource

new AuthConfigOkta(name: string, args: AuthConfigOktaArgs, opts?: CustomResourceOptions);

@overload
def AuthConfigOkta(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   access_mode: Optional[str] = None,
                   allowed_principal_ids: Optional[Sequence[str]] = None,
                   annotations: Optional[Mapping[str, Any]] = None,
                   display_name_field: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   groups_field: Optional[str] = None,
                   idp_metadata_content: Optional[str] = None,
                   labels: Optional[Mapping[str, Any]] = None,
                   rancher_api_host: Optional[str] = None,
                   sp_cert: Optional[str] = None,
                   sp_key: Optional[str] = None,
                   uid_field: Optional[str] = None,
                   user_name_field: Optional[str] = None)
@overload
def AuthConfigOkta(resource_name: str,
                   args: AuthConfigOktaArgs,
                   opts: Optional[ResourceOptions] = None)

func NewAuthConfigOkta(ctx *Context, name string, args AuthConfigOktaArgs, opts ...ResourceOption) (*AuthConfigOkta, error)

public AuthConfigOkta(string name, AuthConfigOktaArgs args, CustomResourceOptions? opts = null)

public AuthConfigOkta(String name, AuthConfigOktaArgs args)
public AuthConfigOkta(String name, AuthConfigOktaArgs args, CustomResourceOptions options)

type: rancher2:AuthConfigOkta
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AuthConfigOktaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AuthConfigOktaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AuthConfigOktaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AuthConfigOktaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AuthConfigOktaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

AuthConfigOkta Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AuthConfigOkta resource accepts the following input properties:

DisplayNameField string: OKTA display name field (string)
GroupsField string: OKTA group field (string)
IdpMetadataContent string: OKTA IDP metadata content (string)
RancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
SpCert string: OKTA SP cert (string)
SpKey string: OKTA SP key (string)
UidField string: OKTA UID field (string)
UserNameField string: OKTA user name field (string)
AccessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
AllowedPrincipalIds List<string>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
Annotations Dictionary<string, object>: Annotations of the resource (map)
Enabled bool: Enable auth config provider. Default true (bool)
Labels Dictionary<string, object>: Labels of the resource (map)

DisplayNameField string: OKTA display name field (string)
GroupsField string: OKTA group field (string)
IdpMetadataContent string: OKTA IDP metadata content (string)
RancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
SpCert string: OKTA SP cert (string)
SpKey string: OKTA SP key (string)
UidField string: OKTA UID field (string)
UserNameField string: OKTA user name field (string)
AccessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
AllowedPrincipalIds []string: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
Annotations map[string]interface{}: Annotations of the resource (map)
Enabled bool: Enable auth config provider. Default true (bool)
Labels map[string]interface{}: Labels of the resource (map)

displayNameField String: OKTA display name field (string)
groupsField String: OKTA group field (string)
idpMetadataContent String: OKTA IDP metadata content (string)
rancherApiHost String: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert String: OKTA SP cert (string)
spKey String: OKTA SP key (string)
uidField String: OKTA UID field (string)
userNameField String: OKTA user name field (string)
accessMode String: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds List<String>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Map<String,Object>: Annotations of the resource (map)
enabled Boolean: Enable auth config provider. Default true (bool)
labels Map<String,Object>: Labels of the resource (map)

displayNameField string: OKTA display name field (string)
groupsField string: OKTA group field (string)
idpMetadataContent string: OKTA IDP metadata content (string)
rancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert string: OKTA SP cert (string)
spKey string: OKTA SP key (string)
uidField string: OKTA UID field (string)
userNameField string: OKTA user name field (string)
accessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds string[]: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations {[key: string]: any}: Annotations of the resource (map)
enabled boolean: Enable auth config provider. Default true (bool)
labels {[key: string]: any}: Labels of the resource (map)

display_name_field str: OKTA display name field (string)
groups_field str: OKTA group field (string)
idp_metadata_content str: OKTA IDP metadata content (string)
rancher_api_host str: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
sp_cert str: OKTA SP cert (string)
sp_key str: OKTA SP key (string)
uid_field str: OKTA UID field (string)
user_name_field str: OKTA user name field (string)
access_mode str: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowed_principal_ids Sequence[str]: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Mapping[str, Any]: Annotations of the resource (map)
enabled bool: Enable auth config provider. Default true (bool)
labels Mapping[str, Any]: Labels of the resource (map)

displayNameField String: OKTA display name field (string)
groupsField String: OKTA group field (string)
idpMetadataContent String: OKTA IDP metadata content (string)
rancherApiHost String: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert String: OKTA SP cert (string)
spKey String: OKTA SP key (string)
uidField String: OKTA UID field (string)
userNameField String: OKTA user name field (string)
accessMode String: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds List<String>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Map<Any>: Annotations of the resource (map)
enabled Boolean: Enable auth config provider. Default true (bool)
labels Map<Any>: Labels of the resource (map)

Outputs

All input properties are implicitly available as output properties. Additionally, the AuthConfigOkta resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: (Computed) The name of the resource (string)
Type string: (Computed) The type of the resource (string)

Id string: The provider-assigned unique ID for this managed resource.
Name string: (Computed) The name of the resource (string)
Type string: (Computed) The type of the resource (string)

id String: The provider-assigned unique ID for this managed resource.
name String: (Computed) The name of the resource (string)
type String: (Computed) The type of the resource (string)

id string: The provider-assigned unique ID for this managed resource.
name string: (Computed) The name of the resource (string)
type string: (Computed) The type of the resource (string)

id str: The provider-assigned unique ID for this managed resource.
name str: (Computed) The name of the resource (string)
type str: (Computed) The type of the resource (string)

id String: The provider-assigned unique ID for this managed resource.
name String: (Computed) The name of the resource (string)
type String: (Computed) The type of the resource (string)

Look up Existing AuthConfigOkta Resource

Get an existing AuthConfigOkta resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthConfigOktaState, opts?: CustomResourceOptions): AuthConfigOkta

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_mode: Optional[str] = None,
        allowed_principal_ids: Optional[Sequence[str]] = None,
        annotations: Optional[Mapping[str, Any]] = None,
        display_name_field: Optional[str] = None,
        enabled: Optional[bool] = None,
        groups_field: Optional[str] = None,
        idp_metadata_content: Optional[str] = None,
        labels: Optional[Mapping[str, Any]] = None,
        name: Optional[str] = None,
        rancher_api_host: Optional[str] = None,
        sp_cert: Optional[str] = None,
        sp_key: Optional[str] = None,
        type: Optional[str] = None,
        uid_field: Optional[str] = None,
        user_name_field: Optional[str] = None) -> AuthConfigOkta

func GetAuthConfigOkta(ctx *Context, name string, id IDInput, state *AuthConfigOktaState, opts ...ResourceOption) (*AuthConfigOkta, error)

public static AuthConfigOkta Get(string name, Input<string> id, AuthConfigOktaState? state, CustomResourceOptions? opts = null)

public static AuthConfigOkta get(String name, Output<String> id, AuthConfigOktaState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
AllowedPrincipalIds List<string>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
Annotations Dictionary<string, object>: Annotations of the resource (map)
DisplayNameField string: OKTA display name field (string)
Enabled bool: Enable auth config provider. Default true (bool)
GroupsField string: OKTA group field (string)
IdpMetadataContent string: OKTA IDP metadata content (string)
Labels Dictionary<string, object>: Labels of the resource (map)
Name string: (Computed) The name of the resource (string)
RancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
SpCert string: OKTA SP cert (string)
SpKey string: OKTA SP key (string)
Type string: (Computed) The type of the resource (string)
UidField string: OKTA UID field (string)
UserNameField string: OKTA user name field (string)

AccessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
AllowedPrincipalIds []string: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
Annotations map[string]interface{}: Annotations of the resource (map)
DisplayNameField string: OKTA display name field (string)
Enabled bool: Enable auth config provider. Default true (bool)
GroupsField string: OKTA group field (string)
IdpMetadataContent string: OKTA IDP metadata content (string)
Labels map[string]interface{}: Labels of the resource (map)
Name string: (Computed) The name of the resource (string)
RancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
SpCert string: OKTA SP cert (string)
SpKey string: OKTA SP key (string)
Type string: (Computed) The type of the resource (string)
UidField string: OKTA UID field (string)
UserNameField string: OKTA user name field (string)

accessMode String: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds List<String>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Map<String,Object>: Annotations of the resource (map)
displayNameField String: OKTA display name field (string)
enabled Boolean: Enable auth config provider. Default true (bool)
groupsField String: OKTA group field (string)
idpMetadataContent String: OKTA IDP metadata content (string)
labels Map<String,Object>: Labels of the resource (map)
name String: (Computed) The name of the resource (string)
rancherApiHost String: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert String: OKTA SP cert (string)
spKey String: OKTA SP key (string)
type String: (Computed) The type of the resource (string)
uidField String: OKTA UID field (string)
userNameField String: OKTA user name field (string)

accessMode string: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds string[]: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations {[key: string]: any}: Annotations of the resource (map)
displayNameField string: OKTA display name field (string)
enabled boolean: Enable auth config provider. Default true (bool)
groupsField string: OKTA group field (string)
idpMetadataContent string: OKTA IDP metadata content (string)
labels {[key: string]: any}: Labels of the resource (map)
name string: (Computed) The name of the resource (string)
rancherApiHost string: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert string: OKTA SP cert (string)
spKey string: OKTA SP key (string)
type string: (Computed) The type of the resource (string)
uidField string: OKTA UID field (string)
userNameField string: OKTA user name field (string)

access_mode str: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowed_principal_ids Sequence[str]: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Mapping[str, Any]: Annotations of the resource (map)
display_name_field str: OKTA display name field (string)
enabled bool: Enable auth config provider. Default true (bool)
groups_field str: OKTA group field (string)
idp_metadata_content str: OKTA IDP metadata content (string)
labels Mapping[str, Any]: Labels of the resource (map)
name str: (Computed) The name of the resource (string)
rancher_api_host str: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
sp_cert str: OKTA SP cert (string)
sp_key str: OKTA SP key (string)
type str: (Computed) The type of the resource (string)
uid_field str: OKTA UID field (string)
user_name_field str: OKTA user name field (string)

accessMode String: Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
allowedPrincipalIds List<String>: Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: okta_user://<USER_ID> okta_group://<GROUP_ID> (list)
annotations Map<Any>: Annotations of the resource (map)
displayNameField String: OKTA display name field (string)
enabled Boolean: Enable auth config provider. Default true (bool)
groupsField String: OKTA group field (string)
idpMetadataContent String: OKTA IDP metadata content (string)
labels Map<Any>: Labels of the resource (map)
name String: (Computed) The name of the resource (string)
rancherApiHost String: Rancher URL. URL scheme needs to be specified, https://<RANCHER_API_HOST> (string)
spCert String: OKTA SP cert (string)
spKey String: OKTA SP key (string)
type String: (Computed) The type of the resource (string)
uidField String: OKTA UID field (string)
userNameField String: OKTA user name field (string)

Package Details

Repository: Rancher2 pulumi/pulumi-rancher2
License: Apache-2.0
Notes: This Pulumi package is based on the rancher2 Terraform Provider.