Docs
Packagesvault.identity.getOidcOpenidConfig
Explore with Pulumi AI
Example Usage
using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var key = new Vault.Identity.OidcKey("key", new()
{
AllowedClientIds = new[]
{
"*",
},
RotationPeriod = 3600,
VerificationTtl = 3600,
});
var app = new Vault.Identity.OidcClient("app", new()
{
Key = key.Name,
RedirectUris = new[]
{
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
},
IdTokenTtl = 2400,
AccessTokenTtl = 7200,
});
var provider = new Vault.Identity.OidcProvider("provider", new()
{
AllowedClientIds = new[]
{
vault_identity_oidc_client.Test.Client_id,
},
});
var config = Vault.Identity.GetOidcOpenidConfig.Invoke(new()
{
Name = provider.Name,
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
AllowedClientIds: pulumi.StringArray{
pulumi.String("*"),
},
RotationPeriod: pulumi.Int(3600),
VerificationTtl: pulumi.Int(3600),
})
if err != nil {
return err
}
_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
Key: key.Name,
RedirectUris: pulumi.StringArray{
pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
pulumi.String("http://127.0.0.1:8251/callback"),
pulumi.String("http://127.0.0.1:8080/callback"),
},
IdTokenTtl: pulumi.Int(2400),
AccessTokenTtl: pulumi.Int(7200),
})
if err != nil {
return err
}
provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
AllowedClientIds: pulumi.StringArray{
pulumi.Any(vault_identity_oidc_client.Test.Client_id),
},
})
if err != nil {
return err
}
_ = identity.GetOidcOpenidConfigOutput(ctx, identity.GetOidcOpenidConfigOutputArgs{
Name: provider.Name,
}, nil)
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcOpenidConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new OidcKey("key", OidcKeyArgs.builder()
.allowedClientIds("*")
.rotationPeriod(3600)
.verificationTtl(3600)
.build());
var app = new OidcClient("app", OidcClientArgs.builder()
.key(key.name())
.redirectUris(
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback")
.idTokenTtl(2400)
.accessTokenTtl(7200)
.build());
var provider = new OidcProvider("provider", OidcProviderArgs.builder()
.allowedClientIds(vault_identity_oidc_client.test().client_id())
.build());
final var config = IdentityFunctions.getOidcOpenidConfig(GetOidcOpenidConfigArgs.builder()
.name(provider.name())
.build());
}
}
import pulumi
import pulumi_vault as vault
key = vault.identity.OidcKey("key",
allowed_client_ids=["*"],
rotation_period=3600,
verification_ttl=3600)
app = vault.identity.OidcClient("app",
key=key.name,
redirect_uris=[
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
id_token_ttl=2400,
access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider", allowed_client_ids=[vault_identity_oidc_client["test"]["client_id"]])
config = vault.identity.get_oidc_openid_config_output(name=provider.name)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const key = new vault.identity.OidcKey("key", {
allowedClientIds: ["*"],
rotationPeriod: 3600,
verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
key: key.name,
redirectUris: [
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
idTokenTtl: 2400,
accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {allowedClientIds: [vault_identity_oidc_client.test.client_id]});
const config = vault.identity.getOidcOpenidConfigOutput({
name: provider.name,
});
resources:
key:
type: vault:identity:OidcKey
properties:
allowedClientIds:
- '*'
rotationPeriod: 3600
verificationTtl: 3600
app:
type: vault:identity:OidcClient
properties:
key: ${key.name}
redirectUris:
- http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
- http://127.0.0.1:8251/callback
- http://127.0.0.1:8080/callback
idTokenTtl: 2400
accessTokenTtl: 7200
provider:
type: vault:identity:OidcProvider
properties:
allowedClientIds:
- ${vault_identity_oidc_client.test.client_id}
variables:
config:
Fn::Invoke:
Function: vault:identity:getOidcOpenidConfig
Arguments:
name: ${provider.name}
Using getOidcOpenidConfig
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOidcOpenidConfig(args: GetOidcOpenidConfigArgs, opts?: InvokeOptions): Promise<GetOidcOpenidConfigResult>
function getOidcOpenidConfigOutput(args: GetOidcOpenidConfigOutputArgs, opts?: InvokeOptions): Output<GetOidcOpenidConfigResult>def get_oidc_openid_config(name: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetOidcOpenidConfigResult
def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetOidcOpenidConfigResult]func GetOidcOpenidConfig(ctx *Context, args *GetOidcOpenidConfigArgs, opts ...InvokeOption) (*GetOidcOpenidConfigResult, error)
func GetOidcOpenidConfigOutput(ctx *Context, args *GetOidcOpenidConfigOutputArgs, opts ...InvokeOption) GetOidcOpenidConfigResultOutput> Note: This function is named GetOidcOpenidConfig in the Go SDK.
public static class GetOidcOpenidConfig
{
public static Task<GetOidcOpenidConfigResult> InvokeAsync(GetOidcOpenidConfigArgs args, InvokeOptions? opts = null)
public static Output<GetOidcOpenidConfigResult> Invoke(GetOidcOpenidConfigInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:identity/getOidcOpenidConfig:getOidcOpenidConfig
arguments:
# arguments dictionaryThe following arguments are supported:
getOidcOpenidConfig Result
The following output properties are available:
- string
The Authorization Endpoint for the provider.
- Grant
Types List<string>Supporteds The grant types supported by the provider.
- Id string
The provider-assigned unique ID for this managed resource.
- Id
Token List<string>Signing Alg Values Supporteds The signing algorithms supported by the provider.
- Issuer string
The URL of the issuer for the provider.
- Jwks
Uri string The well known keys URI for the provider.
- Name string
- Request
Uri boolParameter Supported Specifies whether Request URI Parameter is supported by the provider.
- Response
Types List<string>Supporteds The response types supported by the provider.
- Scopes
Supporteds List<string> The scopes supported by the provider.
- Subject
Types List<string>Supporteds The subject types supported by the provider.
- Token
Endpoint string The Token Endpoint for the provider.
- Token
Endpoint List<string>Auth Methods Supporteds The token endpoint auth methods supported by the provider.
- Userinfo
Endpoint string The User Info Endpoint for the provider
- Namespace string
- string
The Authorization Endpoint for the provider.
- Grant
Types []stringSupporteds The grant types supported by the provider.
- Id string
The provider-assigned unique ID for this managed resource.
- Id
Token []stringSigning Alg Values Supporteds The signing algorithms supported by the provider.
- Issuer string
The URL of the issuer for the provider.
- Jwks
Uri string The well known keys URI for the provider.
- Name string
- Request
Uri boolParameter Supported Specifies whether Request URI Parameter is supported by the provider.
- Response
Types []stringSupporteds The response types supported by the provider.
- Scopes
Supporteds []string The scopes supported by the provider.
- Subject
Types []stringSupporteds The subject types supported by the provider.
- Token
Endpoint string The Token Endpoint for the provider.
- Token
Endpoint []stringAuth Methods Supporteds The token endpoint auth methods supported by the provider.
- Userinfo
Endpoint string The User Info Endpoint for the provider
- Namespace string
- String
The Authorization Endpoint for the provider.
- grant
Types List<String>Supporteds The grant types supported by the provider.
- id String
The provider-assigned unique ID for this managed resource.
- id
Token List<String>Signing Alg Values Supporteds The signing algorithms supported by the provider.
- issuer String
The URL of the issuer for the provider.
- jwks
Uri String The well known keys URI for the provider.
- name String
- request
Uri BooleanParameter Supported Specifies whether Request URI Parameter is supported by the provider.
- response
Types List<String>Supporteds The response types supported by the provider.
- scopes
Supporteds List<String> The scopes supported by the provider.
- subject
Types List<String>Supporteds The subject types supported by the provider.
- token
Endpoint String The Token Endpoint for the provider.
- token
Endpoint List<String>Auth Methods Supporteds The token endpoint auth methods supported by the provider.
- userinfo
Endpoint String The User Info Endpoint for the provider
- namespace String
- string
The Authorization Endpoint for the provider.
- grant
Types string[]Supporteds The grant types supported by the provider.
- id string
The provider-assigned unique ID for this managed resource.
- id
Token string[]Signing Alg Values Supporteds The signing algorithms supported by the provider.
- issuer string
The URL of the issuer for the provider.
- jwks
Uri string The well known keys URI for the provider.
- name string
- request
Uri booleanParameter Supported Specifies whether Request URI Parameter is supported by the provider.
- response
Types string[]Supporteds The response types supported by the provider.
- scopes
Supporteds string[] The scopes supported by the provider.
- subject
Types string[]Supporteds The subject types supported by the provider.
- token
Endpoint string The Token Endpoint for the provider.
- token
Endpoint string[]Auth Methods Supporteds The token endpoint auth methods supported by the provider.
- userinfo
Endpoint string The User Info Endpoint for the provider
- namespace string
- str
The Authorization Endpoint for the provider.
- grant_
types_ Sequence[str]supporteds The grant types supported by the provider.
- id str
The provider-assigned unique ID for this managed resource.
- id_
token_ Sequence[str]signing_ alg_ values_ supporteds The signing algorithms supported by the provider.
- issuer str
The URL of the issuer for the provider.
- jwks_
uri str The well known keys URI for the provider.
- name str
- request_
uri_ boolparameter_ supported Specifies whether Request URI Parameter is supported by the provider.
- response_
types_ Sequence[str]supporteds The response types supported by the provider.
- scopes_
supporteds Sequence[str] The scopes supported by the provider.
- subject_
types_ Sequence[str]supporteds The subject types supported by the provider.
- token_
endpoint str The Token Endpoint for the provider.
- token_
endpoint_ Sequence[str]auth_ methods_ supporteds The token endpoint auth methods supported by the provider.
- userinfo_
endpoint str The User Info Endpoint for the provider
- namespace str
- String
The Authorization Endpoint for the provider.
- grant
Types List<String>Supporteds The grant types supported by the provider.
- id String
The provider-assigned unique ID for this managed resource.
- id
Token List<String>Signing Alg Values Supporteds The signing algorithms supported by the provider.
- issuer String
The URL of the issuer for the provider.
- jwks
Uri String The well known keys URI for the provider.
- name String
- request
Uri BooleanParameter Supported Specifies whether Request URI Parameter is supported by the provider.
- response
Types List<String>Supporteds The response types supported by the provider.
- scopes
Supporteds List<String> The scopes supported by the provider.
- subject
Types List<String>Supporteds The subject types supported by the provider.
- token
Endpoint String The Token Endpoint for the provider.
- token
Endpoint List<String>Auth Methods Supporteds The token endpoint auth methods supported by the provider.
- userinfo
Endpoint String The User Info Endpoint for the provider
- namespace String
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vaultTerraform Provider.