1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. identity
  5. OidcClient
HashiCorp Vault v6.0.0 published on Monday, Mar 25, 2024 by Pulumi

vault.identity.OidcClient

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.0.0 published on Monday, Mar 25, 2024 by Pulumi

    Manages OIDC Clients in a Vault server. See the Vault documentation for more information.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const testOidcAssignment = new vault.identity.OidcAssignment("testOidcAssignment", {
        entityIds: ["ascbascas-2231a-sdfaa"],
        groupIds: ["sajkdsad-32414-sfsada"],
    });
    const testOidcClient = new vault.identity.OidcClient("testOidcClient", {
        redirectUris: [
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments: [testOidcAssignment.name],
        idTokenTtl: 2400,
        accessTokenTtl: 7200,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    test_oidc_assignment = vault.identity.OidcAssignment("testOidcAssignment",
        entity_ids=["ascbascas-2231a-sdfaa"],
        group_ids=["sajkdsad-32414-sfsada"])
    test_oidc_client = vault.identity.OidcClient("testOidcClient",
        redirect_uris=[
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments=[test_oidc_assignment.name],
        id_token_ttl=2400,
        access_token_ttl=7200)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		testOidcAssignment, err := identity.NewOidcAssignment(ctx, "testOidcAssignment", &identity.OidcAssignmentArgs{
    			EntityIds: pulumi.StringArray{
    				pulumi.String("ascbascas-2231a-sdfaa"),
    			},
    			GroupIds: pulumi.StringArray{
    				pulumi.String("sajkdsad-32414-sfsada"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = identity.NewOidcClient(ctx, "testOidcClient", &identity.OidcClientArgs{
    			RedirectUris: pulumi.StringArray{
    				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
    				pulumi.String("http://127.0.0.1:8251/callback"),
    				pulumi.String("http://127.0.0.1:8080/callback"),
    			},
    			Assignments: pulumi.StringArray{
    				testOidcAssignment.Name,
    			},
    			IdTokenTtl:     pulumi.Int(2400),
    			AccessTokenTtl: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var testOidcAssignment = new Vault.Identity.OidcAssignment("testOidcAssignment", new()
        {
            EntityIds = new[]
            {
                "ascbascas-2231a-sdfaa",
            },
            GroupIds = new[]
            {
                "sajkdsad-32414-sfsada",
            },
        });
    
        var testOidcClient = new Vault.Identity.OidcClient("testOidcClient", new()
        {
            RedirectUris = new[]
            {
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback",
            },
            Assignments = new[]
            {
                testOidcAssignment.Name,
            },
            IdTokenTtl = 2400,
            AccessTokenTtl = 7200,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.identity.OidcAssignment;
    import com.pulumi.vault.identity.OidcAssignmentArgs;
    import com.pulumi.vault.identity.OidcClient;
    import com.pulumi.vault.identity.OidcClientArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testOidcAssignment = new OidcAssignment("testOidcAssignment", OidcAssignmentArgs.builder()        
                .entityIds("ascbascas-2231a-sdfaa")
                .groupIds("sajkdsad-32414-sfsada")
                .build());
    
            var testOidcClient = new OidcClient("testOidcClient", OidcClientArgs.builder()        
                .redirectUris(            
                    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                    "http://127.0.0.1:8251/callback",
                    "http://127.0.0.1:8080/callback")
                .assignments(testOidcAssignment.name())
                .idTokenTtl(2400)
                .accessTokenTtl(7200)
                .build());
    
        }
    }
    
    resources:
      testOidcAssignment:
        type: vault:identity:OidcAssignment
        properties:
          entityIds:
            - ascbascas-2231a-sdfaa
          groupIds:
            - sajkdsad-32414-sfsada
      testOidcClient:
        type: vault:identity:OidcClient
        properties:
          redirectUris:
            - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
            - http://127.0.0.1:8251/callback
            - http://127.0.0.1:8080/callback
          assignments:
            - ${testOidcAssignment.name}
          idTokenTtl: 2400
          accessTokenTtl: 7200
    

    Create OidcClient Resource

    new OidcClient(name: string, args?: OidcClientArgs, opts?: CustomResourceOptions);
    @overload
    def OidcClient(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   access_token_ttl: Optional[int] = None,
                   assignments: Optional[Sequence[str]] = None,
                   client_type: Optional[str] = None,
                   id_token_ttl: Optional[int] = None,
                   key: Optional[str] = None,
                   name: Optional[str] = None,
                   namespace: Optional[str] = None,
                   redirect_uris: Optional[Sequence[str]] = None)
    @overload
    def OidcClient(resource_name: str,
                   args: Optional[OidcClientArgs] = None,
                   opts: Optional[ResourceOptions] = None)
    func NewOidcClient(ctx *Context, name string, args *OidcClientArgs, opts ...ResourceOption) (*OidcClient, error)
    public OidcClient(string name, OidcClientArgs? args = null, CustomResourceOptions? opts = null)
    public OidcClient(String name, OidcClientArgs args)
    public OidcClient(String name, OidcClientArgs args, CustomResourceOptions options)
    
    type: vault:identity:OidcClient
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    OidcClient Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The OidcClient resource accepts the following input properties:

    AccessTokenTtl int
    The time-to-live for access tokens obtained by the client.
    Assignments List<string>
    A list of assignment resources associated with the client.
    ClientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    IdTokenTtl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    Key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    Name string
    The name of the client.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RedirectUris List<string>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    AccessTokenTtl int
    The time-to-live for access tokens obtained by the client.
    Assignments []string
    A list of assignment resources associated with the client.
    ClientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    IdTokenTtl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    Key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    Name string
    The name of the client.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RedirectUris []string
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl Integer
    The time-to-live for access tokens obtained by the client.
    assignments List<String>
    A list of assignment resources associated with the client.
    clientType String
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl Integer
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key String
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name String
    The name of the client.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris List<String>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl number
    The time-to-live for access tokens obtained by the client.
    assignments string[]
    A list of assignment resources associated with the client.
    clientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl number
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name string
    The name of the client.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris string[]
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    access_token_ttl int
    The time-to-live for access tokens obtained by the client.
    assignments Sequence[str]
    A list of assignment resources associated with the client.
    client_type str
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    id_token_ttl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key str
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name str
    The name of the client.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirect_uris Sequence[str]
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl Number
    The time-to-live for access tokens obtained by the client.
    assignments List<String>
    A list of assignment resources associated with the client.
    clientType String
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl Number
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key String
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name String
    The name of the client.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris List<String>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OidcClient resource produces the following output properties:

    ClientId string
    The Client ID returned by Vault.
    ClientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    Id string
    The provider-assigned unique ID for this managed resource.
    ClientId string
    The Client ID returned by Vault.
    ClientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    Id string
    The provider-assigned unique ID for this managed resource.
    clientId String
    The Client ID returned by Vault.
    clientSecret String
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    id String
    The provider-assigned unique ID for this managed resource.
    clientId string
    The Client ID returned by Vault.
    clientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    id string
    The provider-assigned unique ID for this managed resource.
    client_id str
    The Client ID returned by Vault.
    client_secret str
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    id str
    The provider-assigned unique ID for this managed resource.
    clientId String
    The Client ID returned by Vault.
    clientSecret String
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing OidcClient Resource

    Get an existing OidcClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OidcClientState, opts?: CustomResourceOptions): OidcClient
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_token_ttl: Optional[int] = None,
            assignments: Optional[Sequence[str]] = None,
            client_id: Optional[str] = None,
            client_secret: Optional[str] = None,
            client_type: Optional[str] = None,
            id_token_ttl: Optional[int] = None,
            key: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            redirect_uris: Optional[Sequence[str]] = None) -> OidcClient
    func GetOidcClient(ctx *Context, name string, id IDInput, state *OidcClientState, opts ...ResourceOption) (*OidcClient, error)
    public static OidcClient Get(string name, Input<string> id, OidcClientState? state, CustomResourceOptions? opts = null)
    public static OidcClient get(String name, Output<String> id, OidcClientState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessTokenTtl int
    The time-to-live for access tokens obtained by the client.
    Assignments List<string>
    A list of assignment resources associated with the client.
    ClientId string
    The Client ID returned by Vault.
    ClientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    ClientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    IdTokenTtl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    Key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    Name string
    The name of the client.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RedirectUris List<string>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    AccessTokenTtl int
    The time-to-live for access tokens obtained by the client.
    Assignments []string
    A list of assignment resources associated with the client.
    ClientId string
    The Client ID returned by Vault.
    ClientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    ClientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    IdTokenTtl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    Key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    Name string
    The name of the client.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RedirectUris []string
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl Integer
    The time-to-live for access tokens obtained by the client.
    assignments List<String>
    A list of assignment resources associated with the client.
    clientId String
    The Client ID returned by Vault.
    clientSecret String
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    clientType String
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl Integer
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key String
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name String
    The name of the client.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris List<String>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl number
    The time-to-live for access tokens obtained by the client.
    assignments string[]
    A list of assignment resources associated with the client.
    clientId string
    The Client ID returned by Vault.
    clientSecret string
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    clientType string
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl number
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key string
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name string
    The name of the client.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris string[]
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    access_token_ttl int
    The time-to-live for access tokens obtained by the client.
    assignments Sequence[str]
    A list of assignment resources associated with the client.
    client_id str
    The Client ID returned by Vault.
    client_secret str
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    client_type str
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    id_token_ttl int
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key str
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name str
    The name of the client.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirect_uris Sequence[str]
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.
    accessTokenTtl Number
    The time-to-live for access tokens obtained by the client.
    assignments List<String>
    A list of assignment resources associated with the client.
    clientId String
    The Client ID returned by Vault.
    clientSecret String
    The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
    clientType String
    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
    idTokenTtl Number
    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
    key String
    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
    name String
    The name of the client.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    redirectUris List<String>
    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    Import

    OIDC Clients can be imported using the name, e.g.

    $ pulumi import vault:identity/oidcClient:OidcClient test my-app
    

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.0.0 published on Monday, Mar 25, 2024 by Pulumi