AclAuthMethodConfig

data class AclAuthMethodConfig(val allowedRedirectUris: List<String>? = null, val boundAudiences: List<String>? = null, val boundIssuers: List<String>? = null, val claimMappings: Map<String, String>? = null, val clockSkewLeeway: String? = null, val discoveryCaPems: List<String>? = null, val expirationLeeway: String? = null, val jwksCaCert: String? = null, val jwksUrl: String? = null, val jwtValidationPubKeys: List<String>? = null, val listClaimMappings: Map<String, String>? = null, val notBeforeLeeway: String? = null, val oidcClientAssertion: AclAuthMethodConfigOidcClientAssertion? = null, val oidcClientId: String? = null, val oidcClientSecret: String? = null, val oidcDisableUserinfo: Boolean? = null, val oidcDiscoveryUrl: String? = null, val oidcEnablePkce: Boolean? = null, val oidcScopes: List<String>? = null, val signingAlgs: List<String>? = null, val verboseLogging: Boolean? = null)

Constructors

constructor(allowedRedirectUris: List<String>? = null, boundAudiences: List<String>? = null, boundIssuers: List<String>? = null, claimMappings: Map<String, String>? = null, clockSkewLeeway: String? = null, discoveryCaPems: List<String>? = null, expirationLeeway: String? = null, jwksCaCert: String? = null, jwksUrl: String? = null, jwtValidationPubKeys: List<String>? = null, listClaimMappings: Map<String, String>? = null, notBeforeLeeway: String? = null, oidcClientAssertion: AclAuthMethodConfigOidcClientAssertion? = null, oidcClientId: String? = null, oidcClientSecret: String? = null, oidcDisableUserinfo: Boolean? = null, oidcDiscoveryUrl: String? = null, oidcEnablePkce: Boolean? = null, oidcScopes: List<String>? = null, signingAlgs: List<String>? = null, verboseLogging: Boolean? = null)

Types

object Companion

Properties

val allowedRedirectUris: List<String>? = null

([]string: <optional>) - A list of allowed values that can be used for the redirect URI.

val boundAudiences: List<String>? = null

([]string: <optional>) - List of auth claims that are valid for login.

val boundIssuers: List<String>? = null

([]string: <optional>) - The value against which to match the iss claim in a JWT.

val claimMappings: Map<String, String>? = null

Mappings of claims (key) that will be copied to a metadata field (value).

val clockSkewLeeway: String? = null

(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".

val discoveryCaPems: List<String>? = null

([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.

val expirationLeeway: String? = null

(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".

val jwksCaCert: String? = null

(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.

val jwksUrl: String? = null

(string: <optional>) - JSON Web Key Set (JWKS) URL for authenticating signatures.

val jwtValidationPubKeys: List<String>? = null

([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.

val listClaimMappings: Map<String, String>? = null

Mappings of list claims (key) that will be copied to a metadata field (value).

val notBeforeLeeway: String? = null

(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".

val oidcClientAssertion: AclAuthMethodConfigOidcClientAssertion? = null

(OIDCClientAssertion: <optional>) - Optionally send a signed JWT ("private key jwt") as a client assertion to the OIDC provider. Browse to the concepts-assertions page to learn more.

val oidcClientId: String? = null

(string: <optional>) - The OAuth Client ID configured with the OIDC provider.

val oidcClientSecret: String? = null

(string: <optional>) - The OAuth Client Secret configured with the OIDC provider.

val oidcDisableUserinfo: Boolean? = null

(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.

val oidcDiscoveryUrl: String? = null

(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).

val oidcEnablePkce: Boolean? = null

(bool: false) - When set to true, Nomad will include PKCE verification in the auth flow. Even with PKCE enabled in Nomad, you may still need to enable it in your OIDC provider.

val oidcScopes: List<String>? = null

([]string: <optional>) - List of OIDC scopes.

val signingAlgs: List<String>? = null

([]string: <optional>) - A list of supported signing algorithms.

val verboseLogging: Boolean? = null

Enable OIDC verbose logging on the Nomad server.
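
A review helper for the properties documented above, as an added example that is not part of the Pulumi SDK or Nomad: it flags plaintext discovery, JWKS and redirect URLs, a missing audience binding, disabled PKCE, and leeway values that are malformed or large. The import path, the 300-second threshold, the loopback allowance for redirect URIs and the sample values in `main` are assumptions.

```kotlin
// Added example, not Pulumi or Nomad code. The import path is an assumption.
import com.pulumi.nomad.kotlin.outputs.AclAuthMethodConfig
import java.net.URI

const val MAX_LEEWAY_SECONDS = 300L // assumed review threshold, not a Nomad default

// Parse durations such as "5m", "1h" or "1h30m" into seconds; null if malformed.
fun leewaySeconds(text: String): Long? {
    if (!Regex("""(\d{1,9}[hms])+""").matches(text)) return null
    return Regex("""(\d{1,9})([hms])""").findAll(text).sumOf { m ->
        val n = m.groupValues[1].toLong()
        when (m.groupValues[2]) { "h" -> n * 3600L; "m" -> n * 60L; else -> n }
    }
}

// True for https, or (when allowed) plain http to a loopback host.
fun isAcceptableUri(uri: String, allowLoopbackHttp: Boolean): Boolean {
    val u = runCatching { URI(uri) }.getOrNull() ?: return false
    return u.scheme == "https" || (allowLoopbackHttp && u.scheme == "http" && (u.host ?: "") in setOf("localhost", "127.0.0.1"))
}

fun review(cfg: AclAuthMethodConfig): List<String> {
    val findings = mutableListOf<String>()
    // Discovery metadata and signing keys fetched over plaintext can be replaced in transit.
    for ((name, url) in listOf("oidcDiscoveryUrl" to cfg.oidcDiscoveryUrl, "jwksUrl" to cfg.jwksUrl)) {
        if (url != null && !isAcceptableUri(url, false)) findings.add("$name is not https: $url")
    }
    for (uri in cfg.allowedRedirectUris.orEmpty()) {
        if (!isAcceptableUri(uri, true)) findings.add("allowedRedirectUris entry is not https or loopback: $uri")
    }
    if (cfg.boundAudiences.isNullOrEmpty()) findings.add("boundAudiences is not set")
    if (cfg.oidcDiscoveryUrl != null && cfg.oidcEnablePkce != true) findings.add("oidcEnablePkce is not enabled")
    val leeways = listOf("clockSkewLeeway" to cfg.clockSkewLeeway,
        "expirationLeeway" to cfg.expirationLeeway, "notBeforeLeeway" to cfg.notBeforeLeeway)
    for ((name, text) in leeways) {
        if (text == null) continue
        val secs = leewaySeconds(text)
        if (secs == null) findings.add("$name is not a valid duration: $text")
        else if (secs > MAX_LEEWAY_SECONDS) findings.add("$name $text is over ${MAX_LEEWAY_SECONDS}s")
    }
    return findings
}

fun main() {
    // Constructed sample values, not taken from a real deployment.
    val cfg = AclAuthMethodConfig(oidcDiscoveryUrl = "http://idp.example.test", expirationLeeway = "1h",
        notBeforeLeeway = "soon", allowedRedirectUris = listOf("http://nomad.example.test/callback"))
    review(cfg).forEach(::println)
}
```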