1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. identity
  5. OidcClient
HashiCorp Vault v5.15.0 published on Friday, Sep 8, 2023 by Pulumi

vault.identity.OidcClient

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.15.0 published on Friday, Sep 8, 2023 by Pulumi

    Manages OIDC Clients in a Vault server. See the Vault documentation for more information.

    Example Usage

    using System.Collections.Generic;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var testOidcAssignment = new Vault.Identity.OidcAssignment("testOidcAssignment", new()
        {
            EntityIds = new[]
            {
                "ascbascas-2231a-sdfaa",
            },
            GroupIds = new[]
            {
                "sajkdsad-32414-sfsada",
            },
        });
    
        var testOidcClient = new Vault.Identity.OidcClient("testOidcClient", new()
        {
            RedirectUris = new[]
            {
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback",
            },
            Assignments = new[]
            {
                testOidcAssignment.Name,
            },
            IdTokenTtl = 2400,
            AccessTokenTtl = 7200,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		testOidcAssignment, err := identity.NewOidcAssignment(ctx, "testOidcAssignment", &identity.OidcAssignmentArgs{
    			EntityIds: pulumi.StringArray{
    				pulumi.String("ascbascas-2231a-sdfaa"),
    			},
    			GroupIds: pulumi.StringArray{
    				pulumi.String("sajkdsad-32414-sfsada"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = identity.NewOidcClient(ctx, "testOidcClient", &identity.OidcClientArgs{
    			RedirectUris: pulumi.StringArray{
    				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
    				pulumi.String("http://127.0.0.1:8251/callback"),
    				pulumi.String("http://127.0.0.1:8080/callback"),
    			},
    			Assignments: pulumi.StringArray{
    				testOidcAssignment.Name,
    			},
    			IdTokenTtl:     pulumi.Int(2400),
    			AccessTokenTtl: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.identity.OidcAssignment;
    import com.pulumi.vault.identity.OidcAssignmentArgs;
    import com.pulumi.vault.identity.OidcClient;
    import com.pulumi.vault.identity.OidcClientArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testOidcAssignment = new OidcAssignment("testOidcAssignment", OidcAssignmentArgs.builder()        
                .entityIds("ascbascas-2231a-sdfaa")
                .groupIds("sajkdsad-32414-sfsada")
                .build());
    
            var testOidcClient = new OidcClient("testOidcClient", OidcClientArgs.builder()        
                .redirectUris(            
                    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                    "http://127.0.0.1:8251/callback",
                    "http://127.0.0.1:8080/callback")
                .assignments(testOidcAssignment.name())
                .idTokenTtl(2400)
                .accessTokenTtl(7200)
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    test_oidc_assignment = vault.identity.OidcAssignment("testOidcAssignment",
        entity_ids=["ascbascas-2231a-sdfaa"],
        group_ids=["sajkdsad-32414-sfsada"])
    test_oidc_client = vault.identity.OidcClient("testOidcClient",
        redirect_uris=[
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments=[test_oidc_assignment.name],
        id_token_ttl=2400,
        access_token_ttl=7200)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const testOidcAssignment = new vault.identity.OidcAssignment("testOidcAssignment", {
        entityIds: ["ascbascas-2231a-sdfaa"],
        groupIds: ["sajkdsad-32414-sfsada"],
    });
    const testOidcClient = new vault.identity.OidcClient("testOidcClient", {
        redirectUris: [
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments: [testOidcAssignment.name],
        idTokenTtl: 2400,
        accessTokenTtl: 7200,
    });
    
    resources:
      testOidcAssignment:
        type: vault:identity:OidcAssignment
        properties:
          entityIds:
            - ascbascas-2231a-sdfaa
          groupIds:
            - sajkdsad-32414-sfsada
      testOidcClient:
        type: vault:identity:OidcClient
        properties:
          redirectUris:
            - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
            - http://127.0.0.1:8251/callback
            - http://127.0.0.1:8080/callback
          assignments:
            - ${testOidcAssignment.name}
          idTokenTtl: 2400
          accessTokenTtl: 7200
    

    Create OidcClient Resource

    new OidcClient(name: string, args?: OidcClientArgs, opts?: CustomResourceOptions);
    @overload
    def OidcClient(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   access_token_ttl: Optional[int] = None,
                   assignments: Optional[Sequence[str]] = None,
                   client_type: Optional[str] = None,
                   id_token_ttl: Optional[int] = None,
                   key: Optional[str] = None,
                   name: Optional[str] = None,
                   namespace: Optional[str] = None,
                   redirect_uris: Optional[Sequence[str]] = None)
    @overload
    def OidcClient(resource_name: str,
                   args: Optional[OidcClientArgs] = None,
                   opts: Optional[ResourceOptions] = None)
    func NewOidcClient(ctx *Context, name string, args *OidcClientArgs, opts ...ResourceOption) (*OidcClient, error)
    public OidcClient(string name, OidcClientArgs? args = null, CustomResourceOptions? opts = null)
    public OidcClient(String name, OidcClientArgs args)
    public OidcClient(String name, OidcClientArgs args, CustomResourceOptions options)
    
    type: vault:identity:OidcClient
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OidcClientArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    OidcClient Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The OidcClient resource accepts the following input properties:

    AccessTokenTtl int

    The time-to-live for access tokens obtained by the client.

    Assignments List<string>

    A list of assignment resources associated with the client.

    ClientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    IdTokenTtl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    Key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    Name string

    The name of the client.

    Namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    RedirectUris List<string>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    AccessTokenTtl int

    The time-to-live for access tokens obtained by the client.

    Assignments []string

    A list of assignment resources associated with the client.

    ClientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    IdTokenTtl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    Key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    Name string

    The name of the client.

    Namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    RedirectUris []string

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl Integer

    The time-to-live for access tokens obtained by the client.

    assignments List<String>

    A list of assignment resources associated with the client.

    clientType String

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl Integer

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key String

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name String

    The name of the client.

    namespace String

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris List<String>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl number

    The time-to-live for access tokens obtained by the client.

    assignments string[]

    A list of assignment resources associated with the client.

    clientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl number

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name string

    The name of the client.

    namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris string[]

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    access_token_ttl int

    The time-to-live for access tokens obtained by the client.

    assignments Sequence[str]

    A list of assignment resources associated with the client.

    client_type str

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    id_token_ttl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key str

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name str

    The name of the client.

    namespace str

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirect_uris Sequence[str]

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl Number

    The time-to-live for access tokens obtained by the client.

    assignments List<String>

    A list of assignment resources associated with the client.

    clientType String

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl Number

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key String

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name String

    The name of the client.

    namespace String

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris List<String>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OidcClient resource produces the following output properties:

    ClientId string

    The Client ID from Vault.

    ClientSecret string

    The Client Secret from Vault.

    Id string

    The provider-assigned unique ID for this managed resource.

    ClientId string

    The Client ID from Vault.

    ClientSecret string

    The Client Secret from Vault.

    Id string

    The provider-assigned unique ID for this managed resource.

    clientId String

    The Client ID from Vault.

    clientSecret String

    The Client Secret from Vault.

    id String

    The provider-assigned unique ID for this managed resource.

    clientId string

    The Client ID from Vault.

    clientSecret string

    The Client Secret from Vault.

    id string

    The provider-assigned unique ID for this managed resource.

    client_id str

    The Client ID from Vault.

    client_secret str

    The Client Secret from Vault.

    id str

    The provider-assigned unique ID for this managed resource.

    clientId String

    The Client ID from Vault.

    clientSecret String

    The Client Secret from Vault.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing OidcClient Resource

    Get an existing OidcClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OidcClientState, opts?: CustomResourceOptions): OidcClient
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_token_ttl: Optional[int] = None,
            assignments: Optional[Sequence[str]] = None,
            client_id: Optional[str] = None,
            client_secret: Optional[str] = None,
            client_type: Optional[str] = None,
            id_token_ttl: Optional[int] = None,
            key: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            redirect_uris: Optional[Sequence[str]] = None) -> OidcClient
    func GetOidcClient(ctx *Context, name string, id IDInput, state *OidcClientState, opts ...ResourceOption) (*OidcClient, error)
    public static OidcClient Get(string name, Input<string> id, OidcClientState? state, CustomResourceOptions? opts = null)
    public static OidcClient get(String name, Output<String> id, OidcClientState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessTokenTtl int

    The time-to-live for access tokens obtained by the client.

    Assignments List<string>

    A list of assignment resources associated with the client.

    ClientId string

    The Client ID from Vault.

    ClientSecret string

    The Client Secret from Vault.

    ClientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    IdTokenTtl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    Key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    Name string

    The name of the client.

    Namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    RedirectUris List<string>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    AccessTokenTtl int

    The time-to-live for access tokens obtained by the client.

    Assignments []string

    A list of assignment resources associated with the client.

    ClientId string

    The Client ID from Vault.

    ClientSecret string

    The Client Secret from Vault.

    ClientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    IdTokenTtl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    Key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    Name string

    The name of the client.

    Namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    RedirectUris []string

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl Integer

    The time-to-live for access tokens obtained by the client.

    assignments List<String>

    A list of assignment resources associated with the client.

    clientId String

    The Client ID from Vault.

    clientSecret String

    The Client Secret from Vault.

    clientType String

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl Integer

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key String

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name String

    The name of the client.

    namespace String

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris List<String>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl number

    The time-to-live for access tokens obtained by the client.

    assignments string[]

    A list of assignment resources associated with the client.

    clientId string

    The Client ID from Vault.

    clientSecret string

    The Client Secret from Vault.

    clientType string

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl number

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key string

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name string

    The name of the client.

    namespace string

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris string[]

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    access_token_ttl int

    The time-to-live for access tokens obtained by the client.

    assignments Sequence[str]

    A list of assignment resources associated with the client.

    client_id str

    The Client ID from Vault.

    client_secret str

    The Client Secret from Vault.

    client_type str

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    id_token_ttl int

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key str

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name str

    The name of the client.

    namespace str

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirect_uris Sequence[str]

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    accessTokenTtl Number

    The time-to-live for access tokens obtained by the client.

    assignments List<String>

    A list of assignment resources associated with the client.

    clientId String

    The Client ID from Vault.

    clientSecret String

    The Client Secret from Vault.

    clientType String

    The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.

    idTokenTtl Number

    The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.

    key String

    A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.

    name String

    The name of the client.

    namespace String

    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    redirectUris List<String>

    Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

    Import

    OIDC Clients can be imported using the name, e.g.

     $ pulumi import vault:identity/oidcClient:OidcClient test my-app
    

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the vault Terraform Provider.

    vault logo
    HashiCorp Vault v5.15.0 published on Friday, Sep 8, 2023 by Pulumi