WorkspaceSamlConfigurationArgs

data class WorkspaceSamlConfigurationArgs(val adminRoleValues: Output<List<String>>? = null, val allowedOrganizations: Output<List<String>>? = null, val editorRoleValues: Output<List<String>>? = null, val emailAssertion: Output<String>? = null, val groupsAssertion: Output<String>? = null, val idpMetadataUrl: Output<String>? = null, val idpMetadataXml: Output<String>? = null, val loginAssertion: Output<String>? = null, val loginValidityDuration: Output<Int>? = null, val nameAssertion: Output<String>? = null, val orgAssertion: Output<String>? = null, val roleAssertion: Output<String>? = null, val workspaceId: Output<String>? = null) : ConvertibleToJava<WorkspaceSamlConfigurationArgs>

Provides an Amazon Managed Grafana workspace SAML configuration resource.

Example Usage

Basic configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Trust policy for the workspace role: it lets the Amazon Managed Grafana service
// principal call sts:AssumeRole on the role.
// NOTE(review): the statement carries no Condition block, so the trust is not scoped
// to one account or workspace. Outside a demo, consider adding aws:SourceAccount /
// aws:SourceArn conditions (confused-deputy protection).
const grafanaTrustPolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
        Action: "sts:AssumeRole",
        Effect: "Allow",
        Sid: "",
        Principal: {
            Service: "grafana.amazonaws.com",
        },
    }],
});

const assume = new aws.iam.Role("assume", {
    name: "grafana-assume",
    assumeRolePolicy: grafanaTrustPolicy,
});

// Workspace restricted to the current account, with SAML as its only
// authentication provider.
const exampleWorkspace = new aws.grafana.Workspace("example", {
    accountAccessType: "CURRENT_ACCOUNT",
    authenticationProviders: ["SAML"],
    permissionType: "SERVICE_MANAGED",
    roleArn: assume.arn,
});

// SAML settings for that workspace. Only the "editor" role value is mapped here.
// The metadata URL is a placeholder: the workspace takes its IdP settings from
// whatever this URL serves, so point it at your own IdP's HTTPS metadata endpoint.
const example = new aws.grafana.WorkspaceSamlConfiguration("example", {
    editorRoleValues: ["editor"],
    idpMetadataUrl: "https://my_idp_metadata.url",
    workspaceId: exampleWorkspace.id,
});
import pulumi
import json
import pulumi_aws as aws
# Trust policy for the workspace role: it lets the Amazon Managed Grafana service
# principal call sts:AssumeRole on the role.
# NOTE(review): the statement carries no Condition block, so the trust is not scoped
# to one account or workspace. Outside a demo, consider adding aws:SourceAccount /
# aws:SourceArn conditions (confused-deputy protection).
grafana_trust_policy = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Sid": "",
        "Principal": {
            "Service": "grafana.amazonaws.com",
        },
    }],
})

assume = aws.iam.Role(
    "assume",
    name="grafana-assume",
    assume_role_policy=grafana_trust_policy,
)

# Workspace restricted to the current account, with SAML as its only
# authentication provider.
example_workspace = aws.grafana.Workspace(
    "example",
    account_access_type="CURRENT_ACCOUNT",
    authentication_providers=["SAML"],
    permission_type="SERVICE_MANAGED",
    role_arn=assume.arn,
)

# SAML settings for that workspace. Only the "editor" role value is mapped here.
# The metadata URL is a placeholder: the workspace takes its IdP settings from
# whatever this URL serves, so point it at your own IdP's HTTPS metadata endpoint.
example = aws.grafana.WorkspaceSamlConfiguration(
    "example",
    editor_role_values=["editor"],
    idp_metadata_url="https://my_idp_metadata.url",
    workspace_id=example_workspace.id,
)
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Single trust statement: the Amazon Managed Grafana service principal may call
    // sts:AssumeRole on the role.
    // NOTE(review): there is no Condition entry, so the trust is not scoped to one
    // account or workspace. Outside a demo, consider adding aws:SourceAccount /
    // aws:SourceArn conditions (confused-deputy protection).
    var trustStatement = new Dictionary<string, object?>
    {
        ["Action"] = "sts:AssumeRole",
        ["Effect"] = "Allow",
        ["Sid"] = "",
        ["Principal"] = new Dictionary<string, object?>
        {
            ["Service"] = "grafana.amazonaws.com",
        },
    };

    var trustPolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["Version"] = "2012-10-17",
        ["Statement"] = new[] { trustStatement },
    });

    var assume = new Aws.Iam.Role("assume", new()
    {
        Name = "grafana-assume",
        AssumeRolePolicy = trustPolicy,
    });

    // Workspace restricted to the current account, with SAML as its only
    // authentication provider.
    var exampleWorkspace = new Aws.Grafana.Workspace("example", new()
    {
        AccountAccessType = "CURRENT_ACCOUNT",
        AuthenticationProviders = new[] { "SAML" },
        PermissionType = "SERVICE_MANAGED",
        RoleArn = assume.Arn,
    });

    // SAML settings for that workspace. Only the "editor" role value is mapped here.
    // The metadata URL is a placeholder: the workspace takes its IdP settings from
    // whatever this URL serves, so point it at your own IdP's HTTPS metadata endpoint.
    var example = new Aws.Grafana.WorkspaceSamlConfiguration("example", new()
    {
        EditorRoleValues = new[] { "editor" },
        IdpMetadataUrl = "https://my_idp_metadata.url",
        WorkspaceId = exampleWorkspace.Id,
    });
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/grafana"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares three resources: the IAM role the workspace assumes, the Amazon
// Managed Grafana workspace, and the workspace's SAML configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: the Amazon Managed Grafana service principal may call
		// sts:AssumeRole on the role.
		// NOTE(review): the statement has no Condition entry, so the trust is not
		// scoped to one account or workspace. Outside a demo, consider adding
		// aws:SourceAccount / aws:SourceArn conditions (confused-deputy protection).
		policyBytes, err := json.Marshal(map[string]interface{}{
			"Version": "2012-10-17",
			"Statement": []map[string]interface{}{
				{
					"Action": "sts:AssumeRole",
					"Effect": "Allow",
					"Sid":    "",
					"Principal": map[string]interface{}{
						"Service": "grafana.amazonaws.com",
					},
				},
			},
		})
		if err != nil {
			return err
		}

		assumeRole, err := iam.NewRole(ctx, "assume", &iam.RoleArgs{
			Name:             pulumi.String("grafana-assume"),
			AssumeRolePolicy: pulumi.String(string(policyBytes)),
		})
		if err != nil {
			return err
		}

		// Workspace restricted to the current account, with SAML as its only
		// authentication provider.
		workspace, err := grafana.NewWorkspace(ctx, "example", &grafana.WorkspaceArgs{
			AccountAccessType: pulumi.String("CURRENT_ACCOUNT"),
			AuthenticationProviders: pulumi.StringArray{
				pulumi.String("SAML"),
			},
			PermissionType: pulumi.String("SERVICE_MANAGED"),
			RoleArn:        assumeRole.Arn,
		})
		if err != nil {
			return err
		}

		// SAML settings for that workspace. Only the "editor" role value is mapped.
		// The metadata URL is a placeholder: the workspace takes its IdP settings
		// from whatever this URL serves, so point it at your own IdP's HTTPS
		// metadata endpoint.
		samlArgs := &grafana.WorkspaceSamlConfigurationArgs{
			EditorRoleValues: pulumi.StringArray{
				pulumi.String("editor"),
			},
			IdpMetadataUrl: pulumi.String("https://my_idp_metadata.url"),
			WorkspaceId:    workspace.ID(),
		}
		if _, err = grafana.NewWorkspaceSamlConfiguration(ctx, "example", samlArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.grafana.Workspace;
import com.pulumi.aws.grafana.WorkspaceArgs;
import com.pulumi.aws.grafana.WorkspaceSamlConfiguration;
import com.pulumi.aws.grafana.WorkspaceSamlConfigurationArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: declares the IAM role the workspace assumes, an Amazon Managed
 * Grafana workspace that authenticates with SAML, and that workspace's SAML
 * configuration.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three resources of the example.
     *
     * @param ctx the Pulumi context handed in by {@code Pulumi.run}; not read here
     */
    public static void stack(Context ctx) {
        // Trust policy: the Amazon Managed Grafana service principal may call
        // sts:AssumeRole on the role.
        // NOTE(review): the statement has no Condition property, so the trust is not
        // scoped to one account or workspace. Outside a demo, consider adding
        // aws:SourceAccount / aws:SourceArn conditions (confused-deputy protection).
        var trustStatement = jsonObject(
            jsonProperty("Action", "sts:AssumeRole"),
            jsonProperty("Effect", "Allow"),
            jsonProperty("Sid", ""),
            jsonProperty("Principal", jsonObject(
                jsonProperty("Service", "grafana.amazonaws.com")
            ))
        );
        var trustPolicy = serializeJson(
            jsonObject(
                jsonProperty("Version", "2012-10-17"),
                jsonProperty("Statement", jsonArray(trustStatement))
            ));

        var assume = new Role("assume", RoleArgs.builder()
            .name("grafana-assume")
            .assumeRolePolicy(trustPolicy)
            .build());

        // Workspace restricted to the current account, with SAML as its only
        // authentication provider.
        var workspaceArgs = WorkspaceArgs.builder()
            .accountAccessType("CURRENT_ACCOUNT")
            .authenticationProviders("SAML")
            .permissionType("SERVICE_MANAGED")
            .roleArn(assume.arn())
            .build();
        var exampleWorkspace = new Workspace("exampleWorkspace", workspaceArgs);

        // SAML settings for that workspace. Only the "editor" role value is mapped.
        // The metadata URL is a placeholder: the workspace takes its IdP settings
        // from whatever this URL serves, so point it at your own IdP's HTTPS
        // metadata endpoint.
        var samlArgs = WorkspaceSamlConfigurationArgs.builder()
            .editorRoleValues("editor")
            .idpMetadataUrl("https://my_idp_metadata.url")
            .workspaceId(exampleWorkspace.id())
            .build();
        var example = new WorkspaceSamlConfiguration("example", samlArgs);
    }
}
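resources:
  # SAML settings for the workspace. Only the "editor" role value is mapped here.
  # The metadata URL is a placeholder: the workspace takes its IdP settings from
  # whatever this URL serves, so point it at your own IdP's HTTPS metadata endpoint.
  example:
    type: aws:grafana:WorkspaceSamlConfiguration
    properties:
      editorRoleValues:
        - editor
      idpMetadataUrl: https://my_idp_metadata.url
      workspaceId: ${exampleWorkspace.id}
  # Workspace restricted to the current account, with SAML as its only
  # authentication provider.
  exampleWorkspace:
    type: aws:grafana:Workspace
    name: example
    properties:
      accountAccessType: CURRENT_ACCOUNT
      authenticationProviders:
        - SAML
      permissionType: SERVICE_MANAGED
      roleArn: ${assume.arn}
  # IAM role the workspace assumes. The trust policy lets the Amazon Managed Grafana
  # service principal call sts:AssumeRole on it.
  # NOTE(review): the statement has no Condition key, so the trust is not scoped to
  # one account or workspace. Outside a demo, consider adding aws:SourceAccount /
  # aws:SourceArn conditions (confused-deputy protection).
  assume:
    type: aws:iam:Role
    properties:
      name: grafana-assume
      assumeRolePolicy:
        fn::toJSON:
          # Quoted so that no YAML parser can resolve the policy version as a date;
          # IAM expects the literal string.
          Version: "2012-10-17"
          Statement:
            - Action: sts:AssumeRole
              Effect: Allow
              Sid: ""
              Principal:
                Service: grafana.amazonaws.com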

Import

Use pulumi import to import a Grafana workspace SAML configuration by the workspace's id. For example:

$ pulumi import aws:grafana/workspaceSamlConfiguration:WorkspaceSamlConfiguration example g-2054c75a02

Constructors

constructor(adminRoleValues: Output<List<String>>? = null, allowedOrganizations: Output<List<String>>? = null, editorRoleValues: Output<List<String>>? = null, emailAssertion: Output<String>? = null, groupsAssertion: Output<String>? = null, idpMetadataUrl: Output<String>? = null, idpMetadataXml: Output<String>? = null, loginAssertion: Output<String>? = null, loginValidityDuration: Output<Int>? = null, nameAssertion: Output<String>? = null, orgAssertion: Output<String>? = null, roleAssertion: Output<String>? = null, workspaceId: Output<String>? = null)

Properties

val adminRoleValues: Output<List<String>>? = null

The admin role values.

val allowedOrganizations: Output<List<String>>? = null

The allowed organizations.

val editorRoleValues: Output<List<String>>? = null

The editor role values.

val emailAssertion: Output<String>? = null

The email assertion.

val groupsAssertion: Output<String>? = null

The groups assertion.

val idpMetadataUrl: Output<String>? = null

The IdP metadata URL. Exactly one of idpMetadataUrl or idpMetadataXml must be specified (these appear as idp_metadata_url and idp_metadata_xml in the upstream provider documentation).

val idpMetadataXml: Output<String>? = null

The IdP metadata XML. Exactly one of idpMetadataUrl or idpMetadataXml must be specified (these appear as idp_metadata_url and idp_metadata_xml in the upstream provider documentation).

val loginAssertion: Output<String>? = null

The login assertion.

val loginValidityDuration: Output<Int>? = null

The login validity duration.

val nameAssertion: Output<String>? = null

The name assertion.

val orgAssertion: Output<String>? = null

The org assertion.

val roleAssertion: Output<String>? = null

The role assertion.

val workspaceId: Output<String>? = null

The workspace id.

Functions

open override fun toJava(): WorkspaceSamlConfigurationArgs