HashiCorp Vault v6.3.0, Aug 8 24

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

vault.identity.OidcClient

Explore with Pulumi AI

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.identity.OidcAssignment("test", {
    name: "my-assignment",
    entityIds: ["ascbascas-2231a-sdfaa"],
    groupIds: ["sajkdsad-32414-sfsada"],
});
const testOidcClient = new vault.identity.OidcClient("test", {
    name: "my-app",
    redirectUris: [
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    assignments: [test.name],
    idTokenTtl: 2400,
    accessTokenTtl: 7200,
});

import pulumi
import pulumi_vault as vault

test = vault.identity.OidcAssignment("test",
    name="my-assignment",
    entity_ids=["ascbascas-2231a-sdfaa"],
    group_ids=["sajkdsad-32414-sfsada"])
test_oidc_client = vault.identity.OidcClient("test",
    name="my-app",
    redirect_uris=[
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    assignments=[test.name],
    id_token_ttl=2400,
    access_token_ttl=7200)

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := identity.NewOidcAssignment(ctx, "test", &identity.OidcAssignmentArgs{
			Name: pulumi.String("my-assignment"),
			EntityIds: pulumi.StringArray{
				pulumi.String("ascbascas-2231a-sdfaa"),
			},
			GroupIds: pulumi.StringArray{
				pulumi.String("sajkdsad-32414-sfsada"),
			},
		})
		if err != nil {
			return err
		}
		_, err = identity.NewOidcClient(ctx, "test", &identity.OidcClientArgs{
			Name: pulumi.String("my-app"),
			RedirectUris: pulumi.StringArray{
				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
				pulumi.String("http://127.0.0.1:8251/callback"),
				pulumi.String("http://127.0.0.1:8080/callback"),
			},
			Assignments: pulumi.StringArray{
				test.Name,
			},
			IdTokenTtl:     pulumi.Int(2400),
			AccessTokenTtl: pulumi.Int(7200),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var test = new Vault.Identity.OidcAssignment("test", new()
    {
        Name = "my-assignment",
        EntityIds = new[]
        {
            "ascbascas-2231a-sdfaa",
        },
        GroupIds = new[]
        {
            "sajkdsad-32414-sfsada",
        },
    });

    var testOidcClient = new Vault.Identity.OidcClient("test", new()
    {
        Name = "my-app",
        RedirectUris = new[]
        {
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        },
        Assignments = new[]
        {
            test.Name,
        },
        IdTokenTtl = 2400,
        AccessTokenTtl = 7200,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcAssignment;
import com.pulumi.vault.identity.OidcAssignmentArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new OidcAssignment("test", OidcAssignmentArgs.builder()
            .name("my-assignment")
            .entityIds("ascbascas-2231a-sdfaa")
            .groupIds("sajkdsad-32414-sfsada")
            .build());

        var testOidcClient = new OidcClient("testOidcClient", OidcClientArgs.builder()
            .name("my-app")
            .redirectUris(            
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback")
            .assignments(test.name())
            .idTokenTtl(2400)
            .accessTokenTtl(7200)
            .build());

    }
}

resources:
  test:
    type: vault:identity:OidcAssignment
    properties:
      name: my-assignment
      entityIds:
        - ascbascas-2231a-sdfaa
      groupIds:
        - sajkdsad-32414-sfsada
  testOidcClient:
    type: vault:identity:OidcClient
    name: test
    properties:
      name: my-app
      redirectUris:
        - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
        - http://127.0.0.1:8251/callback
        - http://127.0.0.1:8080/callback
      assignments:
        - ${test.name}
      idTokenTtl: 2400
      accessTokenTtl: 7200

Create OidcClient Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OidcClient(name: string, args?: OidcClientArgs, opts?: CustomResourceOptions);

@overload
def OidcClient(resource_name: str,
               args: Optional[OidcClientArgs] = None,
               opts: Optional[ResourceOptions] = None)

@overload
def OidcClient(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               access_token_ttl: Optional[int] = None,
               assignments: Optional[Sequence[str]] = None,
               client_type: Optional[str] = None,
               id_token_ttl: Optional[int] = None,
               key: Optional[str] = None,
               name: Optional[str] = None,
               namespace: Optional[str] = None,
               redirect_uris: Optional[Sequence[str]] = None)

func NewOidcClient(ctx *Context, name string, args *OidcClientArgs, opts ...ResourceOption) (*OidcClient, error)

public OidcClient(string name, OidcClientArgs? args = null, CustomResourceOptions? opts = null)

public OidcClient(String name, OidcClientArgs args)
public OidcClient(String name, OidcClientArgs args, CustomResourceOptions options)

type: vault:identity:OidcClient
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OidcClientArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OidcClientArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OidcClientArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OidcClientArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OidcClientArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var oidcClientResource = new Vault.Identity.OidcClient("oidcClientResource", new()
{
    AccessTokenTtl = 0,
    Assignments = new[]
    {
        "string",
    },
    ClientType = "string",
    IdTokenTtl = 0,
    Key = "string",
    Name = "string",
    Namespace = "string",
    RedirectUris = new[]
    {
        "string",
    },
});

example, err := identity.NewOidcClient(ctx, "oidcClientResource", &identity.OidcClientArgs{
	AccessTokenTtl: pulumi.Int(0),
	Assignments: pulumi.StringArray{
		pulumi.String("string"),
	},
	ClientType: pulumi.String("string"),
	IdTokenTtl: pulumi.Int(0),
	Key:        pulumi.String("string"),
	Name:       pulumi.String("string"),
	Namespace:  pulumi.String("string"),
	RedirectUris: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var oidcClientResource = new OidcClient("oidcClientResource", OidcClientArgs.builder()
    .accessTokenTtl(0)
    .assignments("string")
    .clientType("string")
    .idTokenTtl(0)
    .key("string")
    .name("string")
    .namespace("string")
    .redirectUris("string")
    .build());

oidc_client_resource = vault.identity.OidcClient("oidcClientResource",
    access_token_ttl=0,
    assignments=["string"],
    client_type="string",
    id_token_ttl=0,
    key="string",
    name="string",
    namespace="string",
    redirect_uris=["string"])

const oidcClientResource = new vault.identity.OidcClient("oidcClientResource", {
    accessTokenTtl: 0,
    assignments: ["string"],
    clientType: "string",
    idTokenTtl: 0,
    key: "string",
    name: "string",
    namespace: "string",
    redirectUris: ["string"],
});

type: vault:identity:OidcClient
properties:
    accessTokenTtl: 0
    assignments:
        - string
    clientType: string
    idTokenTtl: 0
    key: string
    name: string
    namespace: string
    redirectUris:
        - string

OidcClient Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The OidcClient resource accepts the following input properties:

AccessTokenTtl int: The time-to-live for access tokens obtained by the client.
Assignments List<string>: A list of assignment resources associated with the client.
ClientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
IdTokenTtl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
Key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
Name string: The name of the client.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RedirectUris List<string>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

AccessTokenTtl int: The time-to-live for access tokens obtained by the client.
Assignments []string: A list of assignment resources associated with the client.
ClientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
IdTokenTtl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
Key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
Name string: The name of the client.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RedirectUris []string: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl Integer: The time-to-live for access tokens obtained by the client.
assignments List<String>: A list of assignment resources associated with the client.
clientType String: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl Integer: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key String: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name String: The name of the client.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris List<String>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl number: The time-to-live for access tokens obtained by the client.
assignments string[]: A list of assignment resources associated with the client.
clientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl number: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name string: The name of the client.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris string[]: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

access_token_ttl int: The time-to-live for access tokens obtained by the client.
assignments Sequence[str]: A list of assignment resources associated with the client.
client_type str: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
id_token_ttl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key str: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name str: The name of the client.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirect_uris Sequence[str]: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl Number: The time-to-live for access tokens obtained by the client.
assignments List<String>: A list of assignment resources associated with the client.
clientType String: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl Number: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key String: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name String: The name of the client.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris List<String>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

Outputs

All input properties are implicitly available as output properties. Additionally, the OidcClient resource produces the following output properties:

ClientId string: The Client ID returned by Vault.
ClientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
Id string: The provider-assigned unique ID for this managed resource.

ClientId string: The Client ID returned by Vault.
ClientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
Id string: The provider-assigned unique ID for this managed resource.

clientId String: The Client ID returned by Vault.
clientSecret String: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
id String: The provider-assigned unique ID for this managed resource.

clientId string: The Client ID returned by Vault.
clientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
id string: The provider-assigned unique ID for this managed resource.

client_id str: The Client ID returned by Vault.
client_secret str: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
id str: The provider-assigned unique ID for this managed resource.

clientId String: The Client ID returned by Vault.
clientSecret String: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
id String: The provider-assigned unique ID for this managed resource.

Look up Existing OidcClient Resource

Get an existing OidcClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OidcClientState, opts?: CustomResourceOptions): OidcClient

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_ttl: Optional[int] = None,
        assignments: Optional[Sequence[str]] = None,
        client_id: Optional[str] = None,
        client_secret: Optional[str] = None,
        client_type: Optional[str] = None,
        id_token_ttl: Optional[int] = None,
        key: Optional[str] = None,
        name: Optional[str] = None,
        namespace: Optional[str] = None,
        redirect_uris: Optional[Sequence[str]] = None) -> OidcClient

func GetOidcClient(ctx *Context, name string, id IDInput, state *OidcClientState, opts ...ResourceOption) (*OidcClient, error)

public static OidcClient Get(string name, Input<string> id, OidcClientState? state, CustomResourceOptions? opts = null)

public static OidcClient get(String name, Output<String> id, OidcClientState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenTtl int: The time-to-live for access tokens obtained by the client.
Assignments List<string>: A list of assignment resources associated with the client.
ClientId string: The Client ID returned by Vault.
ClientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
ClientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
IdTokenTtl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
Key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
Name string: The name of the client.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RedirectUris List<string>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

AccessTokenTtl int: The time-to-live for access tokens obtained by the client.
Assignments []string: A list of assignment resources associated with the client.
ClientId string: The Client ID returned by Vault.
ClientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
ClientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
IdTokenTtl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
Key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
Name string: The name of the client.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RedirectUris []string: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl Integer: The time-to-live for access tokens obtained by the client.
assignments List<String>: A list of assignment resources associated with the client.
clientId String: The Client ID returned by Vault.
clientSecret String: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
clientType String: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl Integer: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key String: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name String: The name of the client.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris List<String>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl number: The time-to-live for access tokens obtained by the client.
assignments string[]: A list of assignment resources associated with the client.
clientId string: The Client ID returned by Vault.
clientSecret string: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
clientType string: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl number: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key string: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name string: The name of the client.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris string[]: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

access_token_ttl int: The time-to-live for access tokens obtained by the client.
assignments Sequence[str]: A list of assignment resources associated with the client.
client_id str: The Client ID returned by Vault.
client_secret str: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
client_type str: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
id_token_ttl int: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key str: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name str: The name of the client.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirect_uris Sequence[str]: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

accessTokenTtl Number: The time-to-live for access tokens obtained by the client.
assignments List<String>: A list of assignment resources associated with the client.
clientId String: The Client ID returned by Vault.
clientSecret String: The Client Secret Key returned by Vault. For public OpenID Clients client_secret is set to an empty string ""
clientType String: The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: confidential, public. Defaults to confidential.
idTokenTtl Number: The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.
key String: A reference to a named key resource in Vault. This cannot be modified after creation. If not provided, the default key is used.
name String: The name of the client.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
redirectUris List<String>: Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request.

Import

OIDC Clients can be imported using the name, e.g.

$ pulumi import vault:identity/oidcClient:OidcClient test my-app

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

pulumi/pulumi-vault

vault.identity.OidcClient

On this page

On this page

Example Usage

Create OidcClient Resource

Constructor syntax

Parameters

Constructor example

OidcClient Resource Properties

Inputs

Outputs

Look up Existing OidcClient Resource

Import

Package Details

On this page

On this page