1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. identity
  5. OidcProvider
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.identity.OidcProvider

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

    Manages OIDC Providers in a Vault server. See the Vault documentation for more information.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const test = new vault.identity.OidcKey("test", {
        name: "my-key",
        allowedClientIds: ["*"],
        rotationPeriod: 3600,
        verificationTtl: 3600,
    });
    const testOidcAssignment = new vault.identity.OidcAssignment("test", {
        name: "my-assignment",
        entityIds: ["fake-ascbascas-2231a-sdfaa"],
        groupIds: ["fake-sajkdsad-32414-sfsada"],
    });
    const testOidcClient = new vault.identity.OidcClient("test", {
        name: "application",
        key: test.name,
        redirectUris: [
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments: [testOidcAssignment.name],
        idTokenTtl: 2400,
        accessTokenTtl: 7200,
    });
    const testOidcScope = new vault.identity.OidcScope("test", {
        name: "groups",
        template: JSON.stringify({
            groups: "{{identity.entity.groups.names}}",
        }),
        description: "Groups scope.",
    });
    const testOidcProvider = new vault.identity.OidcProvider("test", {
        name: "my-provider",
        httpsEnabled: false,
        issuerHost: "127.0.0.1:8200",
        allowedClientIds: [testOidcClient.clientId],
        scopesSupporteds: [testOidcScope.name],
    });
    
    import pulumi
    import json
    import pulumi_vault as vault
    
    test = vault.identity.OidcKey("test",
        name="my-key",
        allowed_client_ids=["*"],
        rotation_period=3600,
        verification_ttl=3600)
    test_oidc_assignment = vault.identity.OidcAssignment("test",
        name="my-assignment",
        entity_ids=["fake-ascbascas-2231a-sdfaa"],
        group_ids=["fake-sajkdsad-32414-sfsada"])
    test_oidc_client = vault.identity.OidcClient("test",
        name="application",
        key=test.name,
        redirect_uris=[
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        assignments=[test_oidc_assignment.name],
        id_token_ttl=2400,
        access_token_ttl=7200)
    test_oidc_scope = vault.identity.OidcScope("test",
        name="groups",
        template=json.dumps({
            "groups": "{{identity.entity.groups.names}}",
        }),
        description="Groups scope.")
    test_oidc_provider = vault.identity.OidcProvider("test",
        name="my-provider",
        https_enabled=False,
        issuer_host="127.0.0.1:8200",
        allowed_client_ids=[test_oidc_client.client_id],
        scopes_supporteds=[test_oidc_scope.name])
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		test, err := identity.NewOidcKey(ctx, "test", &identity.OidcKeyArgs{
    			Name: pulumi.String("my-key"),
    			AllowedClientIds: pulumi.StringArray{
    				pulumi.String("*"),
    			},
    			RotationPeriod:  pulumi.Int(3600),
    			VerificationTtl: pulumi.Int(3600),
    		})
    		if err != nil {
    			return err
    		}
    		testOidcAssignment, err := identity.NewOidcAssignment(ctx, "test", &identity.OidcAssignmentArgs{
    			Name: pulumi.String("my-assignment"),
    			EntityIds: pulumi.StringArray{
    				pulumi.String("fake-ascbascas-2231a-sdfaa"),
    			},
    			GroupIds: pulumi.StringArray{
    				pulumi.String("fake-sajkdsad-32414-sfsada"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		testOidcClient, err := identity.NewOidcClient(ctx, "test", &identity.OidcClientArgs{
    			Name: pulumi.String("application"),
    			Key:  test.Name,
    			RedirectUris: pulumi.StringArray{
    				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
    				pulumi.String("http://127.0.0.1:8251/callback"),
    				pulumi.String("http://127.0.0.1:8080/callback"),
    			},
    			Assignments: pulumi.StringArray{
    				testOidcAssignment.Name,
    			},
    			IdTokenTtl:     pulumi.Int(2400),
    			AccessTokenTtl: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"groups": "{{identity.entity.groups.names}}",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		testOidcScope, err := identity.NewOidcScope(ctx, "test", &identity.OidcScopeArgs{
    			Name:        pulumi.String("groups"),
    			Template:    pulumi.String(json0),
    			Description: pulumi.String("Groups scope."),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = identity.NewOidcProvider(ctx, "test", &identity.OidcProviderArgs{
    			Name:         pulumi.String("my-provider"),
    			HttpsEnabled: pulumi.Bool(false),
    			IssuerHost:   pulumi.String("127.0.0.1:8200"),
    			AllowedClientIds: pulumi.StringArray{
    				testOidcClient.ClientId,
    			},
    			ScopesSupporteds: pulumi.StringArray{
    				testOidcScope.Name,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Vault.Identity.OidcKey("test", new()
        {
            Name = "my-key",
            AllowedClientIds = new[]
            {
                "*",
            },
            RotationPeriod = 3600,
            VerificationTtl = 3600,
        });
    
        var testOidcAssignment = new Vault.Identity.OidcAssignment("test", new()
        {
            Name = "my-assignment",
            EntityIds = new[]
            {
                "fake-ascbascas-2231a-sdfaa",
            },
            GroupIds = new[]
            {
                "fake-sajkdsad-32414-sfsada",
            },
        });
    
        var testOidcClient = new Vault.Identity.OidcClient("test", new()
        {
            Name = "application",
            Key = test.Name,
            RedirectUris = new[]
            {
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback",
            },
            Assignments = new[]
            {
                testOidcAssignment.Name,
            },
            IdTokenTtl = 2400,
            AccessTokenTtl = 7200,
        });
    
        var testOidcScope = new Vault.Identity.OidcScope("test", new()
        {
            Name = "groups",
            Template = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["groups"] = "{{identity.entity.groups.names}}",
            }),
            Description = "Groups scope.",
        });
    
        var testOidcProvider = new Vault.Identity.OidcProvider("test", new()
        {
            Name = "my-provider",
            HttpsEnabled = false,
            IssuerHost = "127.0.0.1:8200",
            AllowedClientIds = new[]
            {
                testOidcClient.ClientId,
            },
            ScopesSupporteds = new[]
            {
                testOidcScope.Name,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.identity.OidcKey;
    import com.pulumi.vault.identity.OidcKeyArgs;
    import com.pulumi.vault.identity.OidcAssignment;
    import com.pulumi.vault.identity.OidcAssignmentArgs;
    import com.pulumi.vault.identity.OidcClient;
    import com.pulumi.vault.identity.OidcClientArgs;
    import com.pulumi.vault.identity.OidcScope;
    import com.pulumi.vault.identity.OidcScopeArgs;
    import com.pulumi.vault.identity.OidcProvider;
    import com.pulumi.vault.identity.OidcProviderArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new OidcKey("test", OidcKeyArgs.builder()
                .name("my-key")
                .allowedClientIds("*")
                .rotationPeriod(3600)
                .verificationTtl(3600)
                .build());
    
            var testOidcAssignment = new OidcAssignment("testOidcAssignment", OidcAssignmentArgs.builder()
                .name("my-assignment")
                .entityIds("fake-ascbascas-2231a-sdfaa")
                .groupIds("fake-sajkdsad-32414-sfsada")
                .build());
    
            var testOidcClient = new OidcClient("testOidcClient", OidcClientArgs.builder()
                .name("application")
                .key(test.name())
                .redirectUris(            
                    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                    "http://127.0.0.1:8251/callback",
                    "http://127.0.0.1:8080/callback")
                .assignments(testOidcAssignment.name())
                .idTokenTtl(2400)
                .accessTokenTtl(7200)
                .build());
    
            var testOidcScope = new OidcScope("testOidcScope", OidcScopeArgs.builder()
                .name("groups")
                .template(serializeJson(
                    jsonObject(
                        jsonProperty("groups", "{{identity.entity.groups.names}}")
                    )))
                .description("Groups scope.")
                .build());
    
            var testOidcProvider = new OidcProvider("testOidcProvider", OidcProviderArgs.builder()
                .name("my-provider")
                .httpsEnabled(false)
                .issuerHost("127.0.0.1:8200")
                .allowedClientIds(testOidcClient.clientId())
                .scopesSupporteds(testOidcScope.name())
                .build());
    
        }
    }
    
    resources:
      test:
        type: vault:identity:OidcKey
        properties:
          name: my-key
          allowedClientIds:
            - '*'
          rotationPeriod: 3600
          verificationTtl: 3600
      testOidcAssignment:
        type: vault:identity:OidcAssignment
        name: test
        properties:
          name: my-assignment
          entityIds:
            - fake-ascbascas-2231a-sdfaa
          groupIds:
            - fake-sajkdsad-32414-sfsada
      testOidcClient:
        type: vault:identity:OidcClient
        name: test
        properties:
          name: application
          key: ${test.name}
          redirectUris:
            - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
            - http://127.0.0.1:8251/callback
            - http://127.0.0.1:8080/callback
          assignments:
            - ${testOidcAssignment.name}
          idTokenTtl: 2400
          accessTokenTtl: 7200
      testOidcScope:
        type: vault:identity:OidcScope
        name: test
        properties:
          name: groups
          template:
            fn::toJSON:
              groups: '{{identity.entity.groups.names}}'
          description: Groups scope.
      testOidcProvider:
        type: vault:identity:OidcProvider
        name: test
        properties:
          name: my-provider
          httpsEnabled: false
          issuerHost: 127.0.0.1:8200
          allowedClientIds:
            - ${testOidcClient.clientId}
          scopesSupporteds:
            - ${testOidcScope.name}
    

    Create OidcProvider Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OidcProvider(name: string, args?: OidcProviderArgs, opts?: CustomResourceOptions);
    @overload
    def OidcProvider(resource_name: str,
                     args: Optional[OidcProviderArgs] = None,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def OidcProvider(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     allowed_client_ids: Optional[Sequence[str]] = None,
                     https_enabled: Optional[bool] = None,
                     issuer_host: Optional[str] = None,
                     name: Optional[str] = None,
                     namespace: Optional[str] = None,
                     scopes_supporteds: Optional[Sequence[str]] = None)
    func NewOidcProvider(ctx *Context, name string, args *OidcProviderArgs, opts ...ResourceOption) (*OidcProvider, error)
    public OidcProvider(string name, OidcProviderArgs? args = null, CustomResourceOptions? opts = null)
    public OidcProvider(String name, OidcProviderArgs args)
    public OidcProvider(String name, OidcProviderArgs args, CustomResourceOptions options)
    
    type: vault:identity:OidcProvider
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OidcProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OidcProviderArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OidcProviderArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OidcProviderArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OidcProviderArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var oidcProviderResource = new Vault.Identity.OidcProvider("oidcProviderResource", new()
    {
        AllowedClientIds = new[]
        {
            "string",
        },
        HttpsEnabled = false,
        IssuerHost = "string",
        Name = "string",
        Namespace = "string",
        ScopesSupporteds = new[]
        {
            "string",
        },
    });
    
    example, err := identity.NewOidcProvider(ctx, "oidcProviderResource", &identity.OidcProviderArgs{
    	AllowedClientIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	HttpsEnabled: pulumi.Bool(false),
    	IssuerHost:   pulumi.String("string"),
    	Name:         pulumi.String("string"),
    	Namespace:    pulumi.String("string"),
    	ScopesSupporteds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var oidcProviderResource = new OidcProvider("oidcProviderResource", OidcProviderArgs.builder()
        .allowedClientIds("string")
        .httpsEnabled(false)
        .issuerHost("string")
        .name("string")
        .namespace("string")
        .scopesSupporteds("string")
        .build());
    
    oidc_provider_resource = vault.identity.OidcProvider("oidcProviderResource",
        allowed_client_ids=["string"],
        https_enabled=False,
        issuer_host="string",
        name="string",
        namespace="string",
        scopes_supporteds=["string"])
    
    const oidcProviderResource = new vault.identity.OidcProvider("oidcProviderResource", {
        allowedClientIds: ["string"],
        httpsEnabled: false,
        issuerHost: "string",
        name: "string",
        namespace: "string",
        scopesSupporteds: ["string"],
    });
    
    type: vault:identity:OidcProvider
    properties:
        allowedClientIds:
            - string
        httpsEnabled: false
        issuerHost: string
        name: string
        namespace: string
        scopesSupporteds:
            - string
    

    OidcProvider Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The OidcProvider resource accepts the following input properties:

    AllowedClientIds List<string>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    HttpsEnabled bool
    Set to true if the issuer endpoint uses HTTPS.
    IssuerHost string
    The host for the issuer. Can be either host or host:port.
    Name string
    The name of the provider.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ScopesSupporteds List<string>
    The scopes available for requesting on the provider.
    AllowedClientIds []string
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    HttpsEnabled bool
    Set to true if the issuer endpoint uses HTTPS.
    IssuerHost string
    The host for the issuer. Can be either host or host:port.
    Name string
    The name of the provider.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ScopesSupporteds []string
    The scopes available for requesting on the provider.
    allowedClientIds List<String>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled Boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuerHost String
    The host for the issuer. Can be either host or host:port.
    name String
    The name of the provider.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds List<String>
    The scopes available for requesting on the provider.
    allowedClientIds string[]
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuerHost string
    The host for the issuer. Can be either host or host:port.
    name string
    The name of the provider.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds string[]
    The scopes available for requesting on the provider.
    allowed_client_ids Sequence[str]
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    https_enabled bool
    Set to true if the issuer endpoint uses HTTPS.
    issuer_host str
    The host for the issuer. Can be either host or host:port.
    name str
    The name of the provider.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopes_supporteds Sequence[str]
    The scopes available for requesting on the provider.
    allowedClientIds List<String>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled Boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuerHost String
    The host for the issuer. Can be either host or host:port.
    name String
    The name of the provider.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds List<String>
    The scopes available for requesting on the provider.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OidcProvider resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    Id string
    The provider-assigned unique ID for this managed resource.
    Issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    id String
    The provider-assigned unique ID for this managed resource.
    issuer String
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    id string
    The provider-assigned unique ID for this managed resource.
    issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    id str
    The provider-assigned unique ID for this managed resource.
    issuer str
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    id String
    The provider-assigned unique ID for this managed resource.
    issuer String
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.

    Look up Existing OidcProvider Resource

    Get an existing OidcProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OidcProviderState, opts?: CustomResourceOptions): OidcProvider
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_client_ids: Optional[Sequence[str]] = None,
            https_enabled: Optional[bool] = None,
            issuer: Optional[str] = None,
            issuer_host: Optional[str] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            scopes_supporteds: Optional[Sequence[str]] = None) -> OidcProvider
    func GetOidcProvider(ctx *Context, name string, id IDInput, state *OidcProviderState, opts ...ResourceOption) (*OidcProvider, error)
    public static OidcProvider Get(string name, Input<string> id, OidcProviderState? state, CustomResourceOptions? opts = null)
    public static OidcProvider get(String name, Output<String> id, OidcProviderState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedClientIds List<string>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    HttpsEnabled bool
    Set to true if the issuer endpoint uses HTTPS.
    Issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    IssuerHost string
    The host for the issuer. Can be either host or host:port.
    Name string
    The name of the provider.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ScopesSupporteds List<string>
    The scopes available for requesting on the provider.
    AllowedClientIds []string
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    HttpsEnabled bool
    Set to true if the issuer endpoint uses HTTPS.
    Issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    IssuerHost string
    The host for the issuer. Can be either host or host:port.
    Name string
    The name of the provider.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ScopesSupporteds []string
    The scopes available for requesting on the provider.
    allowedClientIds List<String>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled Boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuer String
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    issuerHost String
    The host for the issuer. Can be either host or host:port.
    name String
    The name of the provider.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds List<String>
    The scopes available for requesting on the provider.
    allowedClientIds string[]
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuer string
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    issuerHost string
    The host for the issuer. Can be either host or host:port.
    name string
    The name of the provider.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds string[]
    The scopes available for requesting on the provider.
    allowed_client_ids Sequence[str]
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    https_enabled bool
    Set to true if the issuer endpoint uses HTTPS.
    issuer str
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    issuer_host str
    The host for the issuer. Can be either host or host:port.
    name str
    The name of the provider.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopes_supporteds Sequence[str]
    The scopes available for requesting on the provider.
    allowedClientIds List<String>
    The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed.
    httpsEnabled Boolean
    Set to true if the issuer endpoint uses HTTPS.
    issuer String
    Specifies what will be used as the scheme://host:port component for the iss claim of ID tokens. This value is computed using the issuer_host and https_enabled fields.
    issuerHost String
    The host for the issuer. Can be either host or host:port.
    name String
    The name of the provider.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    scopesSupporteds List<String>
    The scopes available for requesting on the provider.

    Import

    OIDC Providers can be imported using the name, e.g.

    $ pulumi import vault:identity/oidcProvider:OidcProvider test my-provider
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi