vault logo
HashiCorp Vault v5.10.0, Mar 21 23

vault.identity.getOidcPublicKeys

Example Usage

using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var key = new Vault.Identity.OidcKey("key", new()
    {
        AllowedClientIds = new[]
        {
            "*",
        },
        RotationPeriod = 3600,
        VerificationTtl = 3600,
    });

    var app = new Vault.Identity.OidcClient("app", new()
    {
        Key = key.Name,
        RedirectUris = new[]
        {
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        },
        IdTokenTtl = 2400,
        AccessTokenTtl = 7200,
    });

    var provider = new Vault.Identity.OidcProvider("provider", new()
    {
        AllowedClientIds = new[]
        {
            vault_identity_oidc_client.Test.Client_id,
        },
    });

    var publicKeys = Vault.Identity.GetOidcPublicKeys.Invoke(new()
    {
        Name = provider.Name,
    });

});
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
			AllowedClientIds: pulumi.StringArray{
				pulumi.String("*"),
			},
			RotationPeriod:  pulumi.Int(3600),
			VerificationTtl: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
			Key: key.Name,
			RedirectUris: pulumi.StringArray{
				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
				pulumi.String("http://127.0.0.1:8251/callback"),
				pulumi.String("http://127.0.0.1:8080/callback"),
			},
			IdTokenTtl:     pulumi.Int(2400),
			AccessTokenTtl: pulumi.Int(7200),
		})
		if err != nil {
			return err
		}
		provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
			AllowedClientIds: pulumi.StringArray{
				pulumi.Any(vault_identity_oidc_client.Test.Client_id),
			},
		})
		if err != nil {
			return err
		}
		_ = identity.GetOidcPublicKeysOutput(ctx, identity.GetOidcPublicKeysOutputArgs{
			Name: provider.Name,
		}, nil)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcPublicKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var key = new OidcKey("key", OidcKeyArgs.builder()        
            .allowedClientIds("*")
            .rotationPeriod(3600)
            .verificationTtl(3600)
            .build());

        var app = new OidcClient("app", OidcClientArgs.builder()        
            .key(key.name())
            .redirectUris(            
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback")
            .idTokenTtl(2400)
            .accessTokenTtl(7200)
            .build());

        var provider = new OidcProvider("provider", OidcProviderArgs.builder()        
            .allowedClientIds(vault_identity_oidc_client.test().client_id())
            .build());

        final var publicKeys = IdentityFunctions.getOidcPublicKeys(GetOidcPublicKeysArgs.builder()
            .name(provider.name())
            .build());

    }
}
import pulumi
import pulumi_vault as vault

key = vault.identity.OidcKey("key",
    allowed_client_ids=["*"],
    rotation_period=3600,
    verification_ttl=3600)
app = vault.identity.OidcClient("app",
    key=key.name,
    redirect_uris=[
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    id_token_ttl=2400,
    access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider", allowed_client_ids=[vault_identity_oidc_client["test"]["client_id"]])
public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const key = new vault.identity.OidcKey("key", {
    allowedClientIds: ["*"],
    rotationPeriod: 3600,
    verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
    key: key.name,
    redirectUris: [
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    idTokenTtl: 2400,
    accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {allowedClientIds: [vault_identity_oidc_client.test.client_id]});
const publicKeys = vault.identity.getOidcPublicKeysOutput({
    name: provider.name,
});
resources:
  key:
    type: vault:identity:OidcKey
    properties:
      allowedClientIds:
        - '*'
      rotationPeriod: 3600
      verificationTtl: 3600
  app:
    type: vault:identity:OidcClient
    properties:
      key: ${key.name}
      redirectUris:
        - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
        - http://127.0.0.1:8251/callback
        - http://127.0.0.1:8080/callback
      idTokenTtl: 2400
      accessTokenTtl: 7200
  provider:
    type: vault:identity:OidcProvider
    properties:
      allowedClientIds:
        - ${vault_identity_oidc_client.test.client_id}
variables:
  publicKeys:
    Fn::Invoke:
      Function: vault:identity:getOidcPublicKeys
      Arguments:
        name: ${provider.name}

Using getOidcPublicKeys

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getOidcPublicKeys(args: GetOidcPublicKeysArgs, opts?: InvokeOptions): Promise<GetOidcPublicKeysResult>
function getOidcPublicKeysOutput(args: GetOidcPublicKeysOutputArgs, opts?: InvokeOptions): Output<GetOidcPublicKeysResult>
def get_oidc_public_keys(name: Optional[str] = None,
                         namespace: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetOidcPublicKeysResult
def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
                         namespace: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetOidcPublicKeysResult]
func GetOidcPublicKeys(ctx *Context, args *GetOidcPublicKeysArgs, opts ...InvokeOption) (*GetOidcPublicKeysResult, error)
func GetOidcPublicKeysOutput(ctx *Context, args *GetOidcPublicKeysOutputArgs, opts ...InvokeOption) GetOidcPublicKeysResultOutput

> Note: This function is named GetOidcPublicKeys in the Go SDK.

public static class GetOidcPublicKeys 
{
    public static Task<GetOidcPublicKeysResult> InvokeAsync(GetOidcPublicKeysArgs args, InvokeOptions? opts = null)
    public static Output<GetOidcPublicKeysResult> Invoke(GetOidcPublicKeysInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: vault:identity/getOidcPublicKeys:getOidcPublicKeys
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string

The name of the OIDC Provider in Vault.

Namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Name string

The name of the OIDC Provider in Vault.

Namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name String

The name of the OIDC Provider in Vault.

namespace String

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name string

The name of the OIDC Provider in Vault.

namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name str

The name of the OIDC Provider in Vault.

namespace str

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name String

The name of the OIDC Provider in Vault.

namespace String

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

getOidcPublicKeys Result

The following output properties are available:

Id string

The provider-assigned unique ID for this managed resource.

Keys List<ImmutableDictionary<string, object>>

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

Name string
Namespace string
Id string

The provider-assigned unique ID for this managed resource.

Keys []map[string]interface{}

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

Name string
Namespace string
id String

The provider-assigned unique ID for this managed resource.

keys List<Map<String,Object>>

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

name String
namespace String
id string

The provider-assigned unique ID for this managed resource.

keys {[key: string]: any}[]

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

name string
namespace string
id str

The provider-assigned unique ID for this managed resource.

keys Sequence[Mapping[str, Any]]

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

name str
namespace str
id String

The provider-assigned unique ID for this managed resource.

keys List<Map<Any>>

The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.

name String
namespace String

Package Details

Repository
Vault pulumi/pulumi-vault
License
Apache-2.0
Notes

This Pulumi package is based on the vault Terraform Provider.