rancher2.CustomUserToken
Explore with Pulumi AI
Provides a Rancher v2 Token resource, specifically to create tokens for custom users (i.e. not the ‘admin’ user configured with the provider config). Custom user tokens can f.e. be used as service account tokens with the Rancher v2 API having limited permissions. To create a custom user token the username/password for the Rancher User must be known.
There are 2 kind of tokens:
- not scoped: valid for global system.
- scoped: valid for just a specific cluster (
cluster_id
should be provided).
Tokens can only be created for a Rancher User with at least the user-base
global role binding in order to enable user login.
Tokens can’t be updated once created. Any diff in token data will recreate the token. If any token expire, Rancher2 provider will generate a diff to regenerate it.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Rancher2 = Pulumi.Rancher2;
return await Deployment.RunAsync(() =>
{
// Create a rancher2 Token
var fooUser = new Rancher2.User("fooUser", new()
{
Username = "foo",
Password = "changeme",
Enabled = true,
});
var foo_login = new Rancher2.GlobalRoleBinding("foo-login", new()
{
GlobalRoleId = "user-base",
UserId = fooUser.Id,
});
var fooCustomUserToken = new Rancher2.CustomUserToken("fooCustomUserToken", new()
{
Username = fooUser.Username,
Password = fooUser.Password,
Description = "foo token",
Ttl = 0,
}, new CustomResourceOptions
{
DependsOn = new[]
{
foo_login,
},
});
});
package main
import (
"github.com/pulumi/pulumi-rancher2/sdk/v5/go/rancher2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
fooUser, err := rancher2.NewUser(ctx, "fooUser", &rancher2.UserArgs{
Username: pulumi.String("foo"),
Password: pulumi.String("changeme"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = rancher2.NewGlobalRoleBinding(ctx, "foo-login", &rancher2.GlobalRoleBindingArgs{
GlobalRoleId: pulumi.String("user-base"),
UserId: fooUser.ID(),
})
if err != nil {
return err
}
_, err = rancher2.NewCustomUserToken(ctx, "fooCustomUserToken", &rancher2.CustomUserTokenArgs{
Username: fooUser.Username,
Password: fooUser.Password,
Description: pulumi.String("foo token"),
Ttl: pulumi.Int(0),
}, pulumi.DependsOn([]pulumi.Resource{
foo_login,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.rancher2.User;
import com.pulumi.rancher2.UserArgs;
import com.pulumi.rancher2.GlobalRoleBinding;
import com.pulumi.rancher2.GlobalRoleBindingArgs;
import com.pulumi.rancher2.CustomUserToken;
import com.pulumi.rancher2.CustomUserTokenArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var fooUser = new User("fooUser", UserArgs.builder()
.username("foo")
.password("changeme")
.enabled(true)
.build());
var foo_login = new GlobalRoleBinding("foo-login", GlobalRoleBindingArgs.builder()
.globalRoleId("user-base")
.userId(fooUser.id())
.build());
var fooCustomUserToken = new CustomUserToken("fooCustomUserToken", CustomUserTokenArgs.builder()
.username(fooUser.username())
.password(fooUser.password())
.description("foo token")
.ttl(0)
.build(), CustomResourceOptions.builder()
.dependsOn(foo_login)
.build());
}
}
import pulumi
import pulumi_rancher2 as rancher2
# Create a rancher2 Token
foo_user = rancher2.User("fooUser",
username="foo",
password="changeme",
enabled=True)
foo_login = rancher2.GlobalRoleBinding("foo-login",
global_role_id="user-base",
user_id=foo_user.id)
foo_custom_user_token = rancher2.CustomUserToken("fooCustomUserToken",
username=foo_user.username,
password=foo_user.password,
description="foo token",
ttl=0,
opts=pulumi.ResourceOptions(depends_on=[foo_login]))
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";
// Create a rancher2 Token
const fooUser = new rancher2.User("fooUser", {
username: "foo",
password: "changeme",
enabled: true,
});
const foo_login = new rancher2.GlobalRoleBinding("foo-login", {
globalRoleId: "user-base",
userId: fooUser.id,
});
const fooCustomUserToken = new rancher2.CustomUserToken("fooCustomUserToken", {
username: fooUser.username,
password: fooUser.password,
description: "foo token",
ttl: 0,
}, {
dependsOn: [foo_login],
});
resources:
# Create a rancher2 Token
fooUser:
type: rancher2:User
properties:
username: foo
password: changeme
enabled: true
foo-login:
type: rancher2:GlobalRoleBinding
properties:
globalRoleId: user-base
userId: ${fooUser.id}
fooCustomUserToken:
type: rancher2:CustomUserToken
properties:
username: ${fooUser.username}
password: ${fooUser.password}
description: foo token
ttl: 0
options:
dependson:
- ${["foo-login"]}
Create CustomUserToken Resource
new CustomUserToken(name: string, args: CustomUserTokenArgs, opts?: CustomResourceOptions);
@overload
def CustomUserToken(resource_name: str,
opts: Optional[ResourceOptions] = None,
annotations: Optional[Mapping[str, Any]] = None,
cluster_id: Optional[str] = None,
description: Optional[str] = None,
labels: Optional[Mapping[str, Any]] = None,
password: Optional[str] = None,
renew: Optional[bool] = None,
ttl: Optional[int] = None,
username: Optional[str] = None)
@overload
def CustomUserToken(resource_name: str,
args: CustomUserTokenArgs,
opts: Optional[ResourceOptions] = None)
func NewCustomUserToken(ctx *Context, name string, args CustomUserTokenArgs, opts ...ResourceOption) (*CustomUserToken, error)
public CustomUserToken(string name, CustomUserTokenArgs args, CustomResourceOptions? opts = null)
public CustomUserToken(String name, CustomUserTokenArgs args)
public CustomUserToken(String name, CustomUserTokenArgs args, CustomResourceOptions options)
type: rancher2:CustomUserToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomUserTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CustomUserTokenArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomUserTokenArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomUserTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CustomUserTokenArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CustomUserToken Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CustomUserToken resource accepts the following input properties:
- Password string
The user password (string)
- Username string
The user username (string)
- Annotations Dictionary<string, object>
(Computed) Annotations of the token (map)
- Cluster
Id string Cluster ID for scoped token (string)
- Description string
Token description (string)
- Labels Dictionary<string, object>
(Computed) Labels of the token (map)
- Renew bool
Renew expired or disabled token
- Ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
- Password string
The user password (string)
- Username string
The user username (string)
- Annotations map[string]interface{}
(Computed) Annotations of the token (map)
- Cluster
Id string Cluster ID for scoped token (string)
- Description string
Token description (string)
- Labels map[string]interface{}
(Computed) Labels of the token (map)
- Renew bool
Renew expired or disabled token
- Ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
- password String
The user password (string)
- username String
The user username (string)
- annotations Map<String,Object>
(Computed) Annotations of the token (map)
- cluster
Id String Cluster ID for scoped token (string)
- description String
Token description (string)
- labels Map<String,Object>
(Computed) Labels of the token (map)
- renew Boolean
Renew expired or disabled token
- ttl Integer
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
- password string
The user password (string)
- username string
The user username (string)
- annotations {[key: string]: any}
(Computed) Annotations of the token (map)
- cluster
Id string Cluster ID for scoped token (string)
- description string
Token description (string)
- labels {[key: string]: any}
(Computed) Labels of the token (map)
- renew boolean
Renew expired or disabled token
- ttl number
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
- password str
The user password (string)
- username str
The user username (string)
- annotations Mapping[str, Any]
(Computed) Annotations of the token (map)
- cluster_
id str Cluster ID for scoped token (string)
- description str
Token description (string)
- labels Mapping[str, Any]
(Computed) Labels of the token (map)
- renew bool
Renew expired or disabled token
- ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
- password String
The user password (string)
- username String
The user username (string)
- annotations Map<Any>
(Computed) Annotations of the token (map)
- cluster
Id String Cluster ID for scoped token (string)
- description String
Token description (string)
- labels Map<Any>
(Computed) Labels of the token (map)
- renew Boolean
Renew expired or disabled token
- ttl Number
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomUserToken resource produces the following output properties:
- Access
Key string (Computed) Token access key part (string)
- Enabled bool
(Computed) Token is enabled (bool)
- Expired bool
(Computed) Token is expired (bool)
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
(Computed) Token name (string)
- Secret
Key string (Computed/Sensitive) Token secret key part (string)
- Temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- Temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- Token string
(Computed/Sensitive) Token value (string)
- User
Id string (Computed) Token user ID (string)
- Access
Key string (Computed) Token access key part (string)
- Enabled bool
(Computed) Token is enabled (bool)
- Expired bool
(Computed) Token is expired (bool)
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
(Computed) Token name (string)
- Secret
Key string (Computed/Sensitive) Token secret key part (string)
- Temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- Temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- Token string
(Computed/Sensitive) Token value (string)
- User
Id string (Computed) Token user ID (string)
- access
Key String (Computed) Token access key part (string)
- enabled Boolean
(Computed) Token is enabled (bool)
- expired Boolean
(Computed) Token is expired (bool)
- id String
The provider-assigned unique ID for this managed resource.
- name String
(Computed) Token name (string)
- secret
Key String (Computed/Sensitive) Token secret key part (string)
- temp
Token String (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token StringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token String
(Computed/Sensitive) Token value (string)
- user
Id String (Computed) Token user ID (string)
- access
Key string (Computed) Token access key part (string)
- enabled boolean
(Computed) Token is enabled (bool)
- expired boolean
(Computed) Token is expired (bool)
- id string
The provider-assigned unique ID for this managed resource.
- name string
(Computed) Token name (string)
- secret
Key string (Computed/Sensitive) Token secret key part (string)
- temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token string
(Computed/Sensitive) Token value (string)
- user
Id string (Computed) Token user ID (string)
- access_
key str (Computed) Token access key part (string)
- enabled bool
(Computed) Token is enabled (bool)
- expired bool
(Computed) Token is expired (bool)
- id str
The provider-assigned unique ID for this managed resource.
- name str
(Computed) Token name (string)
- secret_
key str (Computed/Sensitive) Token secret key part (string)
- temp_
token str (Computed) Generated API temporary token as helper. Should be empty (string)
- temp_
token_ strid (Computed) Generated API temporary token id as helper. Should be empty (string)
- token str
(Computed/Sensitive) Token value (string)
- user_
id str (Computed) Token user ID (string)
- access
Key String (Computed) Token access key part (string)
- enabled Boolean
(Computed) Token is enabled (bool)
- expired Boolean
(Computed) Token is expired (bool)
- id String
The provider-assigned unique ID for this managed resource.
- name String
(Computed) Token name (string)
- secret
Key String (Computed/Sensitive) Token secret key part (string)
- temp
Token String (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token StringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token String
(Computed/Sensitive) Token value (string)
- user
Id String (Computed) Token user ID (string)
Look up Existing CustomUserToken Resource
Get an existing CustomUserToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomUserTokenState, opts?: CustomResourceOptions): CustomUserToken
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_key: Optional[str] = None,
annotations: Optional[Mapping[str, Any]] = None,
cluster_id: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expired: Optional[bool] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
password: Optional[str] = None,
renew: Optional[bool] = None,
secret_key: Optional[str] = None,
temp_token: Optional[str] = None,
temp_token_id: Optional[str] = None,
token: Optional[str] = None,
ttl: Optional[int] = None,
user_id: Optional[str] = None,
username: Optional[str] = None) -> CustomUserToken
func GetCustomUserToken(ctx *Context, name string, id IDInput, state *CustomUserTokenState, opts ...ResourceOption) (*CustomUserToken, error)
public static CustomUserToken Get(string name, Input<string> id, CustomUserTokenState? state, CustomResourceOptions? opts = null)
public static CustomUserToken get(String name, Output<String> id, CustomUserTokenState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Key string (Computed) Token access key part (string)
- Annotations Dictionary<string, object>
(Computed) Annotations of the token (map)
- Cluster
Id string Cluster ID for scoped token (string)
- Description string
Token description (string)
- Enabled bool
(Computed) Token is enabled (bool)
- Expired bool
(Computed) Token is expired (bool)
- Labels Dictionary<string, object>
(Computed) Labels of the token (map)
- Name string
(Computed) Token name (string)
- Password string
The user password (string)
- Renew bool
Renew expired or disabled token
- Secret
Key string (Computed/Sensitive) Token secret key part (string)
- Temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- Temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- Token string
(Computed/Sensitive) Token value (string)
- Ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- User
Id string (Computed) Token user ID (string)
- Username string
The user username (string)
- Access
Key string (Computed) Token access key part (string)
- Annotations map[string]interface{}
(Computed) Annotations of the token (map)
- Cluster
Id string Cluster ID for scoped token (string)
- Description string
Token description (string)
- Enabled bool
(Computed) Token is enabled (bool)
- Expired bool
(Computed) Token is expired (bool)
- Labels map[string]interface{}
(Computed) Labels of the token (map)
- Name string
(Computed) Token name (string)
- Password string
The user password (string)
- Renew bool
Renew expired or disabled token
- Secret
Key string (Computed/Sensitive) Token secret key part (string)
- Temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- Temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- Token string
(Computed/Sensitive) Token value (string)
- Ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- User
Id string (Computed) Token user ID (string)
- Username string
The user username (string)
- access
Key String (Computed) Token access key part (string)
- annotations Map<String,Object>
(Computed) Annotations of the token (map)
- cluster
Id String Cluster ID for scoped token (string)
- description String
Token description (string)
- enabled Boolean
(Computed) Token is enabled (bool)
- expired Boolean
(Computed) Token is expired (bool)
- labels Map<String,Object>
(Computed) Labels of the token (map)
- name String
(Computed) Token name (string)
- password String
The user password (string)
- renew Boolean
Renew expired or disabled token
- secret
Key String (Computed/Sensitive) Token secret key part (string)
- temp
Token String (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token StringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token String
(Computed/Sensitive) Token value (string)
- ttl Integer
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- user
Id String (Computed) Token user ID (string)
- username String
The user username (string)
- access
Key string (Computed) Token access key part (string)
- annotations {[key: string]: any}
(Computed) Annotations of the token (map)
- cluster
Id string Cluster ID for scoped token (string)
- description string
Token description (string)
- enabled boolean
(Computed) Token is enabled (bool)
- expired boolean
(Computed) Token is expired (bool)
- labels {[key: string]: any}
(Computed) Labels of the token (map)
- name string
(Computed) Token name (string)
- password string
The user password (string)
- renew boolean
Renew expired or disabled token
- secret
Key string (Computed/Sensitive) Token secret key part (string)
- temp
Token string (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token stringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token string
(Computed/Sensitive) Token value (string)
- ttl number
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- user
Id string (Computed) Token user ID (string)
- username string
The user username (string)
- access_
key str (Computed) Token access key part (string)
- annotations Mapping[str, Any]
(Computed) Annotations of the token (map)
- cluster_
id str Cluster ID for scoped token (string)
- description str
Token description (string)
- enabled bool
(Computed) Token is enabled (bool)
- expired bool
(Computed) Token is expired (bool)
- labels Mapping[str, Any]
(Computed) Labels of the token (map)
- name str
(Computed) Token name (string)
- password str
The user password (string)
- renew bool
Renew expired or disabled token
- secret_
key str (Computed/Sensitive) Token secret key part (string)
- temp_
token str (Computed) Generated API temporary token as helper. Should be empty (string)
- temp_
token_ strid (Computed) Generated API temporary token id as helper. Should be empty (string)
- token str
(Computed/Sensitive) Token value (string)
- ttl int
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- user_
id str (Computed) Token user ID (string)
- username str
The user username (string)
- access
Key String (Computed) Token access key part (string)
- annotations Map<Any>
(Computed) Annotations of the token (map)
- cluster
Id String Cluster ID for scoped token (string)
- description String
Token description (string)
- enabled Boolean
(Computed) Token is enabled (bool)
- expired Boolean
(Computed) Token is expired (bool)
- labels Map<Any>
(Computed) Labels of the token (map)
- name String
(Computed) Token name (string)
- password String
The user password (string)
- renew Boolean
Renew expired or disabled token
- secret
Key String (Computed/Sensitive) Token secret key part (string)
- temp
Token String (Computed) Generated API temporary token as helper. Should be empty (string)
- temp
Token StringId (Computed) Generated API temporary token id as helper. Should be empty (string)
- token String
(Computed/Sensitive) Token value (string)
- ttl Number
Token time to live in seconds. Default
0
(int)From Rancher v2.4.6
ttl
is read in minutes at Rancher API. To avoid breaking change on the provider, we still read in seconds but rounding up division if required.- user
Id String (Computed) Token user ID (string)
- username String
The user username (string)
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
rancher2
Terraform Provider.