HashiCorp Vault

Pulumi Official
Package maintained by Pulumi
v5.6.0 published on Tuesday, Aug 16, 2022 by Pulumi

getOidcOpenidConfig

Example Usage

using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var key = new Vault.Identity.OidcKey("key", new()
    {
        AllowedClientIds = new[]
        {
            "*",
        },
        RotationPeriod = 3600,
        VerificationTtl = 3600,
    });

    var app = new Vault.Identity.OidcClient("app", new()
    {
        Key = key.Name,
        RedirectUris = new[]
        {
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        },
        IdTokenTtl = 2400,
        AccessTokenTtl = 7200,
    });

    var provider = new Vault.Identity.OidcProvider("provider", new()
    {
        AllowedClientIds = new[]
        {
            vault_identity_oidc_client.Test.Client_id,
        },
    });

    var config = Vault.Identity.GetOidcOpenidConfig.Invoke(new()
    {
        Name = provider.Name,
    });

});
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
			AllowedClientIds: pulumi.StringArray{
				pulumi.String("*"),
			},
			RotationPeriod:  pulumi.Int(3600),
			VerificationTtl: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
			Key: key.Name,
			RedirectUris: pulumi.StringArray{
				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
				pulumi.String("http://127.0.0.1:8251/callback"),
				pulumi.String("http://127.0.0.1:8080/callback"),
			},
			IdTokenTtl:     pulumi.Int(2400),
			AccessTokenTtl: pulumi.Int(7200),
		})
		if err != nil {
			return err
		}
		provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
			AllowedClientIds: pulumi.StringArray{
				pulumi.Any(vault_identity_oidc_client.Test.Client_id),
			},
		})
		if err != nil {
			return err
		}
		_ = identity.GetOidcOpenidConfigOutput(ctx, identity.GetOidcOpenidConfigOutputArgs{
			Name: provider.Name,
		}, nil)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcOpenidConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var key = new OidcKey("key", OidcKeyArgs.builder()        
            .allowedClientIds("*")
            .rotationPeriod(3600)
            .verificationTtl(3600)
            .build());

        var app = new OidcClient("app", OidcClientArgs.builder()        
            .key(key.name())
            .redirectUris(            
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback")
            .idTokenTtl(2400)
            .accessTokenTtl(7200)
            .build());

        var provider = new OidcProvider("provider", OidcProviderArgs.builder()        
            .allowedClientIds(vault_identity_oidc_client.test().client_id())
            .build());

        final var config = IdentityFunctions.getOidcOpenidConfig(GetOidcOpenidConfigArgs.builder()
            .name(provider.name())
            .build());

    }
}
import pulumi
import pulumi_vault as vault

key = vault.identity.OidcKey("key",
    allowed_client_ids=["*"],
    rotation_period=3600,
    verification_ttl=3600)
app = vault.identity.OidcClient("app",
    key=key.name,
    redirect_uris=[
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    id_token_ttl=2400,
    access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider", allowed_client_ids=[vault_identity_oidc_client["test"]["client_id"]])
config = vault.identity.get_oidc_openid_config_output(name=provider.name)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const key = new vault.identity.OidcKey("key", {
    allowedClientIds: ["*"],
    rotationPeriod: 3600,
    verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
    key: key.name,
    redirectUris: [
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    idTokenTtl: 2400,
    accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {allowedClientIds: [vault_identity_oidc_client.test.client_id]});
const config = vault.identity.getOidcOpenidConfigOutput({
    name: provider.name,
});
resources:
  key:
    type: vault:identity:OidcKey
    properties:
      allowedClientIds:
        - '*'
      rotationPeriod: 3600
      verificationTtl: 3600
  app:
    type: vault:identity:OidcClient
    properties:
      key: ${key.name}
      redirectUris:
        - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
        - http://127.0.0.1:8251/callback
        - http://127.0.0.1:8080/callback
      idTokenTtl: 2400
      accessTokenTtl: 7200
  provider:
    type: vault:identity:OidcProvider
    properties:
      allowedClientIds:
        - ${vault_identity_oidc_client.test.client_id}
variables:
  config:
    Fn::Invoke:
      Function: vault:identity:getOidcOpenidConfig
      Arguments:
        name: ${provider.name}

Using getOidcOpenidConfig

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getOidcOpenidConfig(args: GetOidcOpenidConfigArgs, opts?: InvokeOptions): Promise<GetOidcOpenidConfigResult>
function getOidcOpenidConfigOutput(args: GetOidcOpenidConfigOutputArgs, opts?: InvokeOptions): Output<GetOidcOpenidConfigResult>
def get_oidc_openid_config(name: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetOidcOpenidConfigResult
def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetOidcOpenidConfigResult]
func GetOidcOpenidConfig(ctx *Context, args *GetOidcOpenidConfigArgs, opts ...InvokeOption) (*GetOidcOpenidConfigResult, error)
func GetOidcOpenidConfigOutput(ctx *Context, args *GetOidcOpenidConfigOutputArgs, opts ...InvokeOption) GetOidcOpenidConfigResultOutput

> Note: This function is named GetOidcOpenidConfig in the Go SDK.

public static class GetOidcOpenidConfig 
{
    public static Task<GetOidcOpenidConfigResult> InvokeAsync(GetOidcOpenidConfigArgs args, InvokeOptions? opts = null)
    public static Output<GetOidcOpenidConfigResult> Invoke(GetOidcOpenidConfigInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: vault:identity/getOidcOpenidConfig:getOidcOpenidConfig
  Arguments:
    # Arguments dictionary

The following arguments are supported:

Name string

The name of the OIDC Provider in Vault.

Name string

The name of the OIDC Provider in Vault.

name String

The name of the OIDC Provider in Vault.

name string

The name of the OIDC Provider in Vault.

name str

The name of the OIDC Provider in Vault.

name String

The name of the OIDC Provider in Vault.

getOidcOpenidConfig Result

The following output properties are available:

AuthorizationEndpoint string

The Authorization Endpoint for the provider.

GrantTypesSupporteds List<string>

The grant types supported by the provider.

Id string

The provider-assigned unique ID for this managed resource.

IdTokenSigningAlgValuesSupporteds List<string>

The signing algorithms supported by the provider.

Issuer string

The URL of the issuer for the provider.

JwksUri string

The well known keys URI for the provider.

Name string
RequestUriParameterSupported bool

Specifies whether Request URI Parameter is supported by the provider.

ResponseTypesSupporteds List<string>

The response types supported by the provider.

ScopesSupporteds List<string>

The scopes supported by the provider.

SubjectTypesSupporteds List<string>

The subject types supported by the provider.

TokenEndpoint string

The Token Endpoint for the provider.

TokenEndpointAuthMethodsSupporteds List<string>

The token endpoint auth methods supported by the provider.

UserinfoEndpoint string

The User Info Endpoint for the provider

AuthorizationEndpoint string

The Authorization Endpoint for the provider.

GrantTypesSupporteds []string

The grant types supported by the provider.

Id string

The provider-assigned unique ID for this managed resource.

IdTokenSigningAlgValuesSupporteds []string

The signing algorithms supported by the provider.

Issuer string

The URL of the issuer for the provider.

JwksUri string

The well known keys URI for the provider.

Name string
RequestUriParameterSupported bool

Specifies whether Request URI Parameter is supported by the provider.

ResponseTypesSupporteds []string

The response types supported by the provider.

ScopesSupporteds []string

The scopes supported by the provider.

SubjectTypesSupporteds []string

The subject types supported by the provider.

TokenEndpoint string

The Token Endpoint for the provider.

TokenEndpointAuthMethodsSupporteds []string

The token endpoint auth methods supported by the provider.

UserinfoEndpoint string

The User Info Endpoint for the provider

authorizationEndpoint String

The Authorization Endpoint for the provider.

grantTypesSupporteds List<String>

The grant types supported by the provider.

id String

The provider-assigned unique ID for this managed resource.

idTokenSigningAlgValuesSupporteds List<String>

The signing algorithms supported by the provider.

issuer String

The URL of the issuer for the provider.

jwksUri String

The well known keys URI for the provider.

name String
requestUriParameterSupported Boolean

Specifies whether Request URI Parameter is supported by the provider.

responseTypesSupporteds List<String>

The response types supported by the provider.

scopesSupporteds List<String>

The scopes supported by the provider.

subjectTypesSupporteds List<String>

The subject types supported by the provider.

tokenEndpoint String

The Token Endpoint for the provider.

tokenEndpointAuthMethodsSupporteds List<String>

The token endpoint auth methods supported by the provider.

userinfoEndpoint String

The User Info Endpoint for the provider

authorizationEndpoint string

The Authorization Endpoint for the provider.

grantTypesSupporteds string[]

The grant types supported by the provider.

id string

The provider-assigned unique ID for this managed resource.

idTokenSigningAlgValuesSupporteds string[]

The signing algorithms supported by the provider.

issuer string

The URL of the issuer for the provider.

jwksUri string

The well known keys URI for the provider.

name string
requestUriParameterSupported boolean

Specifies whether Request URI Parameter is supported by the provider.

responseTypesSupporteds string[]

The response types supported by the provider.

scopesSupporteds string[]

The scopes supported by the provider.

subjectTypesSupporteds string[]

The subject types supported by the provider.

tokenEndpoint string

The Token Endpoint for the provider.

tokenEndpointAuthMethodsSupporteds string[]

The token endpoint auth methods supported by the provider.

userinfoEndpoint string

The User Info Endpoint for the provider

authorization_endpoint str

The Authorization Endpoint for the provider.

grant_types_supporteds Sequence[str]

The grant types supported by the provider.

id str

The provider-assigned unique ID for this managed resource.

id_token_signing_alg_values_supporteds Sequence[str]

The signing algorithms supported by the provider.

issuer str

The URL of the issuer for the provider.

jwks_uri str

The well known keys URI for the provider.

name str
request_uri_parameter_supported bool

Specifies whether Request URI Parameter is supported by the provider.

response_types_supporteds Sequence[str]

The response types supported by the provider.

scopes_supporteds Sequence[str]

The scopes supported by the provider.

subject_types_supporteds Sequence[str]

The subject types supported by the provider.

token_endpoint str

The Token Endpoint for the provider.

token_endpoint_auth_methods_supporteds Sequence[str]

The token endpoint auth methods supported by the provider.

userinfo_endpoint str

The User Info Endpoint for the provider

authorizationEndpoint String

The Authorization Endpoint for the provider.

grantTypesSupporteds List<String>

The grant types supported by the provider.

id String

The provider-assigned unique ID for this managed resource.

idTokenSigningAlgValuesSupporteds List<String>

The signing algorithms supported by the provider.

issuer String

The URL of the issuer for the provider.

jwksUri String

The well known keys URI for the provider.

name String
requestUriParameterSupported Boolean

Specifies whether Request URI Parameter is supported by the provider.

responseTypesSupporteds List<String>

The response types supported by the provider.

scopesSupporteds List<String>

The scopes supported by the provider.

subjectTypesSupporteds List<String>

The subject types supported by the provider.

tokenEndpoint String

The Token Endpoint for the provider.

tokenEndpointAuthMethodsSupporteds List<String>

The token endpoint auth methods supported by the provider.

userinfoEndpoint String

The User Info Endpoint for the provider

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes

This Pulumi package is based on the vault Terraform Provider.