1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. identity
  5. getOidcOpenidConfig
HashiCorp Vault v6.1.1 published on Wednesday, Jun 5, 2024 by Pulumi

vault.identity.getOidcOpenidConfig

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.1.1 published on Wednesday, Jun 5, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const key = new vault.identity.OidcKey("key", {
        name: "key",
        allowedClientIds: ["*"],
        rotationPeriod: 3600,
        verificationTtl: 3600,
    });
    const app = new vault.identity.OidcClient("app", {
        name: "application",
        key: key.name,
        redirectUris: [
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        idTokenTtl: 2400,
        accessTokenTtl: 7200,
    });
    const provider = new vault.identity.OidcProvider("provider", {
        name: "provider",
        allowedClientIds: [test.clientId],
    });
    const config = vault.identity.getOidcOpenidConfigOutput({
        name: provider.name,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    key = vault.identity.OidcKey("key",
        name="key",
        allowed_client_ids=["*"],
        rotation_period=3600,
        verification_ttl=3600)
    app = vault.identity.OidcClient("app",
        name="application",
        key=key.name,
        redirect_uris=[
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        id_token_ttl=2400,
        access_token_ttl=7200)
    provider = vault.identity.OidcProvider("provider",
        name="provider",
        allowed_client_ids=[test["clientId"]])
    config = vault.identity.get_oidc_openid_config_output(name=provider.name)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
    			Name: pulumi.String("key"),
    			AllowedClientIds: pulumi.StringArray{
    				pulumi.String("*"),
    			},
    			RotationPeriod:  pulumi.Int(3600),
    			VerificationTtl: pulumi.Int(3600),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
    			Name: pulumi.String("application"),
    			Key:  key.Name,
    			RedirectUris: pulumi.StringArray{
    				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
    				pulumi.String("http://127.0.0.1:8251/callback"),
    				pulumi.String("http://127.0.0.1:8080/callback"),
    			},
    			IdTokenTtl:     pulumi.Int(2400),
    			AccessTokenTtl: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
    			Name: pulumi.String("provider"),
    			AllowedClientIds: pulumi.StringArray{
    				test.ClientId,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_ = identity.GetOidcOpenidConfigOutput(ctx, identity.GetOidcOpenidConfigOutputArgs{
    			Name: provider.Name,
    		}, nil)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var key = new Vault.Identity.OidcKey("key", new()
        {
            Name = "key",
            AllowedClientIds = new[]
            {
                "*",
            },
            RotationPeriod = 3600,
            VerificationTtl = 3600,
        });
    
        var app = new Vault.Identity.OidcClient("app", new()
        {
            Name = "application",
            Key = key.Name,
            RedirectUris = new[]
            {
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback",
            },
            IdTokenTtl = 2400,
            AccessTokenTtl = 7200,
        });
    
        var provider = new Vault.Identity.OidcProvider("provider", new()
        {
            Name = "provider",
            AllowedClientIds = new[]
            {
                test.ClientId,
            },
        });
    
        var config = Vault.Identity.GetOidcOpenidConfig.Invoke(new()
        {
            Name = provider.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.identity.OidcKey;
    import com.pulumi.vault.identity.OidcKeyArgs;
    import com.pulumi.vault.identity.OidcClient;
    import com.pulumi.vault.identity.OidcClientArgs;
    import com.pulumi.vault.identity.OidcProvider;
    import com.pulumi.vault.identity.OidcProviderArgs;
    import com.pulumi.vault.identity.IdentityFunctions;
    import com.pulumi.vault.identity.inputs.GetOidcOpenidConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var key = new OidcKey("key", OidcKeyArgs.builder()
                .name("key")
                .allowedClientIds("*")
                .rotationPeriod(3600)
                .verificationTtl(3600)
                .build());
    
            var app = new OidcClient("app", OidcClientArgs.builder()
                .name("application")
                .key(key.name())
                .redirectUris(            
                    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                    "http://127.0.0.1:8251/callback",
                    "http://127.0.0.1:8080/callback")
                .idTokenTtl(2400)
                .accessTokenTtl(7200)
                .build());
    
            var provider = new OidcProvider("provider", OidcProviderArgs.builder()
                .name("provider")
                .allowedClientIds(test.clientId())
                .build());
    
            final var config = IdentityFunctions.getOidcOpenidConfig(GetOidcOpenidConfigArgs.builder()
                .name(provider.name())
                .build());
    
        }
    }
    
    resources:
      key:
        type: vault:identity:OidcKey
        properties:
          name: key
          allowedClientIds:
            - '*'
          rotationPeriod: 3600
          verificationTtl: 3600
      app:
        type: vault:identity:OidcClient
        properties:
          name: application
          key: ${key.name}
          redirectUris:
            - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
            - http://127.0.0.1:8251/callback
            - http://127.0.0.1:8080/callback
          idTokenTtl: 2400
          accessTokenTtl: 7200
      provider:
        type: vault:identity:OidcProvider
        properties:
          name: provider
          allowedClientIds:
            - ${test.clientId}
    variables:
      config:
        fn::invoke:
          Function: vault:identity:getOidcOpenidConfig
          Arguments:
            name: ${provider.name}
    

    Using getOidcOpenidConfig

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getOidcOpenidConfig(args: GetOidcOpenidConfigArgs, opts?: InvokeOptions): Promise<GetOidcOpenidConfigResult>
    function getOidcOpenidConfigOutput(args: GetOidcOpenidConfigOutputArgs, opts?: InvokeOptions): Output<GetOidcOpenidConfigResult>
    def get_oidc_openid_config(name: Optional[str] = None,
                               namespace: Optional[str] = None,
                               opts: Optional[InvokeOptions] = None) -> GetOidcOpenidConfigResult
    def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
                               namespace: Optional[pulumi.Input[str]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetOidcOpenidConfigResult]
    func GetOidcOpenidConfig(ctx *Context, args *GetOidcOpenidConfigArgs, opts ...InvokeOption) (*GetOidcOpenidConfigResult, error)
    func GetOidcOpenidConfigOutput(ctx *Context, args *GetOidcOpenidConfigOutputArgs, opts ...InvokeOption) GetOidcOpenidConfigResultOutput

    > Note: This function is named GetOidcOpenidConfig in the Go SDK.

    public static class GetOidcOpenidConfig 
    {
        public static Task<GetOidcOpenidConfigResult> InvokeAsync(GetOidcOpenidConfigArgs args, InvokeOptions? opts = null)
        public static Output<GetOidcOpenidConfigResult> Invoke(GetOidcOpenidConfigInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:identity/getOidcOpenidConfig:getOidcOpenidConfig
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Name string
    The name of the OIDC Provider in Vault.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Name string
    The name of the OIDC Provider in Vault.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name String
    The name of the OIDC Provider in Vault.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name string
    The name of the OIDC Provider in Vault.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name str
    The name of the OIDC Provider in Vault.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name String
    The name of the OIDC Provider in Vault.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    getOidcOpenidConfig Result

    The following output properties are available:

    AuthorizationEndpoint string
    The Authorization Endpoint for the provider.
    GrantTypesSupporteds List<string>
    The grant types supported by the provider.
    Id string
    The provider-assigned unique ID for this managed resource.
    IdTokenSigningAlgValuesSupporteds List<string>
    The signing algorithms supported by the provider.
    Issuer string
    The URL of the issuer for the provider.
    JwksUri string
    The well known keys URI for the provider.
    Name string
    RequestUriParameterSupported bool
    Specifies whether Request URI Parameter is supported by the provider.
    ResponseTypesSupporteds List<string>
    The response types supported by the provider.
    ScopesSupporteds List<string>
    The scopes supported by the provider.
    SubjectTypesSupporteds List<string>
    The subject types supported by the provider.
    TokenEndpoint string
    The Token Endpoint for the provider.
    TokenEndpointAuthMethodsSupporteds List<string>
    The token endpoint auth methods supported by the provider.
    UserinfoEndpoint string
    The User Info Endpoint for the provider
    Namespace string
    AuthorizationEndpoint string
    The Authorization Endpoint for the provider.
    GrantTypesSupporteds []string
    The grant types supported by the provider.
    Id string
    The provider-assigned unique ID for this managed resource.
    IdTokenSigningAlgValuesSupporteds []string
    The signing algorithms supported by the provider.
    Issuer string
    The URL of the issuer for the provider.
    JwksUri string
    The well known keys URI for the provider.
    Name string
    RequestUriParameterSupported bool
    Specifies whether Request URI Parameter is supported by the provider.
    ResponseTypesSupporteds []string
    The response types supported by the provider.
    ScopesSupporteds []string
    The scopes supported by the provider.
    SubjectTypesSupporteds []string
    The subject types supported by the provider.
    TokenEndpoint string
    The Token Endpoint for the provider.
    TokenEndpointAuthMethodsSupporteds []string
    The token endpoint auth methods supported by the provider.
    UserinfoEndpoint string
    The User Info Endpoint for the provider
    Namespace string
    authorizationEndpoint String
    The Authorization Endpoint for the provider.
    grantTypesSupporteds List<String>
    The grant types supported by the provider.
    id String
    The provider-assigned unique ID for this managed resource.
    idTokenSigningAlgValuesSupporteds List<String>
    The signing algorithms supported by the provider.
    issuer String
    The URL of the issuer for the provider.
    jwksUri String
    The well known keys URI for the provider.
    name String
    requestUriParameterSupported Boolean
    Specifies whether Request URI Parameter is supported by the provider.
    responseTypesSupporteds List<String>
    The response types supported by the provider.
    scopesSupporteds List<String>
    The scopes supported by the provider.
    subjectTypesSupporteds List<String>
    The subject types supported by the provider.
    tokenEndpoint String
    The Token Endpoint for the provider.
    tokenEndpointAuthMethodsSupporteds List<String>
    The token endpoint auth methods supported by the provider.
    userinfoEndpoint String
    The User Info Endpoint for the provider
    namespace String
    authorizationEndpoint string
    The Authorization Endpoint for the provider.
    grantTypesSupporteds string[]
    The grant types supported by the provider.
    id string
    The provider-assigned unique ID for this managed resource.
    idTokenSigningAlgValuesSupporteds string[]
    The signing algorithms supported by the provider.
    issuer string
    The URL of the issuer for the provider.
    jwksUri string
    The well known keys URI for the provider.
    name string
    requestUriParameterSupported boolean
    Specifies whether Request URI Parameter is supported by the provider.
    responseTypesSupporteds string[]
    The response types supported by the provider.
    scopesSupporteds string[]
    The scopes supported by the provider.
    subjectTypesSupporteds string[]
    The subject types supported by the provider.
    tokenEndpoint string
    The Token Endpoint for the provider.
    tokenEndpointAuthMethodsSupporteds string[]
    The token endpoint auth methods supported by the provider.
    userinfoEndpoint string
    The User Info Endpoint for the provider
    namespace string
    authorization_endpoint str
    The Authorization Endpoint for the provider.
    grant_types_supporteds Sequence[str]
    The grant types supported by the provider.
    id str
    The provider-assigned unique ID for this managed resource.
    id_token_signing_alg_values_supporteds Sequence[str]
    The signing algorithms supported by the provider.
    issuer str
    The URL of the issuer for the provider.
    jwks_uri str
    The well known keys URI for the provider.
    name str
    request_uri_parameter_supported bool
    Specifies whether Request URI Parameter is supported by the provider.
    response_types_supporteds Sequence[str]
    The response types supported by the provider.
    scopes_supporteds Sequence[str]
    The scopes supported by the provider.
    subject_types_supporteds Sequence[str]
    The subject types supported by the provider.
    token_endpoint str
    The Token Endpoint for the provider.
    token_endpoint_auth_methods_supporteds Sequence[str]
    The token endpoint auth methods supported by the provider.
    userinfo_endpoint str
    The User Info Endpoint for the provider
    namespace str
    authorizationEndpoint String
    The Authorization Endpoint for the provider.
    grantTypesSupporteds List<String>
    The grant types supported by the provider.
    id String
    The provider-assigned unique ID for this managed resource.
    idTokenSigningAlgValuesSupporteds List<String>
    The signing algorithms supported by the provider.
    issuer String
    The URL of the issuer for the provider.
    jwksUri String
    The well known keys URI for the provider.
    name String
    requestUriParameterSupported Boolean
    Specifies whether Request URI Parameter is supported by the provider.
    responseTypesSupporteds List<String>
    The response types supported by the provider.
    scopesSupporteds List<String>
    The scopes supported by the provider.
    subjectTypesSupporteds List<String>
    The subject types supported by the provider.
    tokenEndpoint String
    The Token Endpoint for the provider.
    tokenEndpointAuthMethodsSupporteds List<String>
    The token endpoint auth methods supported by the provider.
    userinfoEndpoint String
    The User Info Endpoint for the provider
    namespace String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.1.1 published on Wednesday, Jun 5, 2024 by Pulumi