AclAuthMethod

class AclAuthMethod : KotlinCustomResource

Manages an ACL Auth Method in Nomad.

Example Usage

Creating an ACL Auth Method:

import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";
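// Stack configuration for this example. The key name "oidcClientSecret" is
// constructed for this example; set it with
//   pulumi config set --secret oidcClientSecret <value>
const stackConfig = new pulumi.Config();

// Read the OIDC client secret as a Pulumi secret instead of writing it into
// the program, so it is not committed with the source and stays masked in
// CLI output and encrypted in the stack state.
const oidcClientSecret = stackConfig.requireSecret("oidcClientSecret");

// Registers an OIDC auth method with Nomad.
const myNomadAclAuthMethod = new nomad.AclAuthMethod("my_nomad_acl_auth_method", {
    name: "my-nomad-acl-auth-method",
    type: "OIDC",
    tokenLocality: "global",
    // Upper bound on the lifetime of tokens issued through this method.
    maxTokenTtl: "10m0s",
    // Plain string on purpose: the "${...}" placeholders are expanded by
    // Nomad, not by JavaScript. A backtick template literal here would try to
    // read JavaScript variables named `auth_method_type` and `value`, which do
    // not exist in this program.
    tokenNameFormat: "${auth_method_type}-${value.user}",
    // Marks this auth method as the default one.
    "default": true,
    config: {
        oidcDiscoveryUrl: "https://uk.auth0.com/",
        oidcClientId: "someclientid",
        oidcClientSecret: oidcClientSecret,
        // Only tokens issued for this audience are accepted.
        boundAudiences: ["someclientid"],
        // Loopback redirect targets as used in a local setup.
        // NOTE(review): list the cluster's own HTTPS URLs outside local testing.
        allowedRedirectUris: [
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        listClaimMappings: {
            "http://nomad.internal/roles": "roles",
        },
    },
});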
import pulumi
import pulumi_nomad as nomad
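# Stack configuration for this example. The key name "oidcClientSecret" is
# constructed for this example; set it with
#   pulumi config set --secret oidcClientSecret <value>
stack_config = pulumi.Config()

# Read the OIDC client secret as a Pulumi secret instead of writing it into
# the program, so it is not committed with the source and stays masked in
# CLI output and encrypted in the stack state.
oidc_client_secret = stack_config.require_secret("oidcClientSecret")

# Registers an OIDC auth method with Nomad.
my_nomad_acl_auth_method = nomad.AclAuthMethod(
    "my_nomad_acl_auth_method",
    name="my-nomad-acl-auth-method",
    type="OIDC",
    token_locality="global",
    # Upper bound on the lifetime of tokens issued through this method.
    max_token_ttl="10m0s",
    # The "${...}" placeholders are expanded by Nomad; keep this a plain
    # (non-f) string so Python passes them through unchanged.
    token_name_format="${auth_method_type}-${value.user}",
    # Marks this auth method as the default one.
    default=True,
    config={
        "oidc_discovery_url": "https://uk.auth0.com/",
        "oidc_client_id": "someclientid",
        "oidc_client_secret": oidc_client_secret,
        # Only tokens issued for this audience are accepted.
        "bound_audiences": ["someclientid"],
        # Loopback redirect targets as used in a local setup.
        # NOTE(review): list the cluster's own HTTPS URLs outside local testing.
        "allowed_redirect_uris": [
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        "list_claim_mappings": {
            "http://nomad.internal/roles": "roles",
        },
    },
)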
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;
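return await Deployment.RunAsync(() =>
{
    // Stack configuration for this example. The key name "oidcClientSecret"
    // is constructed for this example; set it with
    //   pulumi config set --secret oidcClientSecret <value>
    var stackConfig = new Config();

    // Read the OIDC client secret as a Pulumi secret instead of writing it
    // into the program, so it is not committed with the source and stays
    // masked in CLI output and encrypted in the stack state.
    var oidcClientSecret = stackConfig.RequireSecret("oidcClientSecret");

    // Registers an OIDC auth method with Nomad.
    var myNomadAclAuthMethod = new Nomad.AclAuthMethod("my_nomad_acl_auth_method", new()
    {
        Name = "my-nomad-acl-auth-method",
        Type = "OIDC",
        TokenLocality = "global",
        // Upper bound on the lifetime of tokens issued through this method.
        MaxTokenTtl = "10m0s",
        // The "${...}" placeholders are expanded by Nomad; keep this a
        // regular (non-interpolated) string literal.
        TokenNameFormat = "${auth_method_type}-${value.user}",
        // Marks this auth method as the default one.
        Default = true,
        Config = new Nomad.Inputs.AclAuthMethodConfigArgs
        {
            OidcDiscoveryUrl = "https://uk.auth0.com/",
            OidcClientId = "someclientid",
            OidcClientSecret = oidcClientSecret,
            // Only tokens issued for this audience are accepted.
            BoundAudiences = new[]
            {
                "someclientid",
            },
            // Loopback redirect targets as used in a local setup.
            // NOTE(review): list the cluster's own HTTPS URLs outside local testing.
            AllowedRedirectUris = new[]
            {
                "http://localhost:4649/oidc/callback",
                "http://localhost:4646/ui/settings/tokens",
            },
            ListClaimMappings =
            {
                { "http://nomad.internal/roles", "roles" },
            },
        },
    });
});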
package main
import (
"fmt"
"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
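// main registers an OIDC auth method with Nomad.
//
// The OIDC client secret is read from stack configuration rather than written
// into the program. The key name "oidcClientSecret" is constructed for this
// example; set it with
//
//	pulumi config set --secret oidcClientSecret <value>
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Configuration keys are namespaced by the project name.
		secretKey := ctx.Project() + ":oidcClientSecret"
		clientSecret, ok := ctx.GetConfig(secretKey)
		if !ok {
			return fmt.Errorf("missing required configuration value %q", secretKey)
		}

		_, err := nomad.NewAclAuthMethod(ctx, "my_nomad_acl_auth_method", &nomad.AclAuthMethodArgs{
			Name:          pulumi.String("my-nomad-acl-auth-method"),
			Type:          pulumi.String("OIDC"),
			TokenLocality: pulumi.String("global"),
			// Upper bound on the lifetime of tokens issued through this method.
			MaxTokenTtl: pulumi.String("10m0s"),
			// The "${...}" placeholders are expanded by Nomad; the format
			// string carries no Go formatting verbs.
			TokenNameFormat: pulumi.Sprintf("${auth_method_type}-${value.user}"),
			// Marks this auth method as the default one.
			Default: pulumi.Bool(true),
			Config: &nomad.AclAuthMethodConfigArgs{
				OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
				OidcClientId:     pulumi.String("someclientid"),
				// Wrapped as a secret so the value stays masked in CLI
				// output and encrypted in the stack state.
				OidcClientSecret: pulumi.ToSecret(pulumi.String(clientSecret)).(pulumi.StringOutput),
				// Only tokens issued for this audience are accepted.
				BoundAudiences: pulumi.StringArray{
					pulumi.String("someclientid"),
				},
				// Loopback redirect targets as used in a local setup.
				// NOTE(review): list the cluster's own HTTPS URLs outside local testing.
				AllowedRedirectUris: pulumi.StringArray{
					pulumi.String("http://localhost:4649/oidc/callback"),
					pulumi.String("http://localhost:4646/ui/settings/tokens"),
				},
				ListClaimMappings: pulumi.StringMap{
					"http://nomad.internal/roles": pulumi.String("roles"),
				},
			},
		})
		if err != nil {
			// Wrapping the error also puts the imported "fmt" package to use;
			// an unused import does not compile in Go.
			return fmt.Errorf("creating ACL auth method: %w", err)
		}
		return nil
	})
}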
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
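/**
 * Example program that registers an OIDC auth method with Nomad.
 *
 * <p>The OIDC client secret is read from stack configuration rather than
 * written into the program. The key name "oidcClientSecret" is constructed
 * for this example; set it with
 * {@code pulumi config set --secret oidcClientSecret <value>}.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx the Pulumi context, used here to read stack configuration
     */
    public static void stack(Context ctx) {
        // Read as a Pulumi secret so the value is not committed with the
        // source and stays masked in CLI output and encrypted in the stack state.
        final var oidcClientSecret = ctx.config().requireSecret("oidcClientSecret");

        var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
            .name("my-nomad-acl-auth-method")
            .type("OIDC")
            .tokenLocality("global")
            // Upper bound on the lifetime of tokens issued through this method.
            .maxTokenTtl("10m0s")
            // The "${...}" placeholders are expanded by Nomad, not by Java.
            .tokenNameFormat("${auth_method_type}-${value.user}")
            // Marks this auth method as the default one.
            .default_(true)
            .config(AclAuthMethodConfigArgs.builder()
                .oidcDiscoveryUrl("https://uk.auth0.com/")
                .oidcClientId("someclientid")
                .oidcClientSecret(oidcClientSecret)
                // Only tokens issued for this audience are accepted.
                .boundAudiences("someclientid")
                // Loopback redirect targets as used in a local setup.
                // NOTE(review): list the cluster's own HTTPS URLs outside local testing.
                .allowedRedirectUris(
                    "http://localhost:4649/oidc/callback",
                    "http://localhost:4646/ui/settings/tokens")
                .listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
                .build())
            .build());
    }
}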
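# Stack configuration for this example. The key name "oidcClientSecret" is
# constructed for this example; set it with
#   pulumi config set --secret oidcClientSecret <value>
# Declaring it as a secret keeps the value out of the program text and
# masked in CLI output.
config:
  oidcClientSecret:
    type: string
    secret: true
resources:
  # Registers an OIDC auth method with Nomad.
  myNomadAclAuthMethod:
    type: nomad:AclAuthMethod
    name: my_nomad_acl_auth_method
    properties:
      name: my-nomad-acl-auth-method
      type: OIDC
      tokenLocality: global
      # Upper bound on the lifetime of tokens issued through this method.
      maxTokenTtl: 10m0s
      # "$${" escapes Pulumi YAML interpolation so that Nomad receives the
      # literal "${...}" placeholders.
      tokenNameFormat: $${auth_method_type}-$${value.user}
      # Marks this auth method as the default one.
      default: true
      config:
        oidcDiscoveryUrl: https://uk.auth0.com/
        oidcClientId: someclientid
        oidcClientSecret: ${oidcClientSecret}
        # Only tokens issued for this audience are accepted.
        boundAudiences:
          - someclientid
        # Loopback redirect targets as used in a local setup.
        # NOTE(review): list the cluster's own HTTPS URLs outside local testing.
        allowedRedirectUris:
          - http://localhost:4649/oidc/callback
          - http://localhost:4646/ui/settings/tokens
        listClaimMappings:
          http://nomad.internal/roles: roles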

Properties


(block: <required>) - Configuration specific to the auth method provider.

val default: Output<Boolean>?

(bool: false) - Defines whether this ACL Auth Method is to be set as default.

val id: Output<String>
val maxTokenTtl: Output<String>

(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".

val name: Output<String>

(string: <required>) - The identifier of the ACL Auth Method.

val pulumiChildResources: Set<KotlinResource>
val tokenLocality: Output<String>

(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.

val tokenNameFormat: Output<String>?

(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.

val type: Output<String>

(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.

val urn: Output<String>