Oidc Client
Manages OIDC Clients in a Vault server. See the Vault documentation for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Redirect URIs registered for the client. Each authentication request's
// redirect_uri must exactly match one of these values. All three example
// entries are plain-http loopback addresses (127.0.0.1), which suits local
// testing; a client reached over a network would normally register HTTPS
// callbacks instead.
const redirectUris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback",
];

// Assignment holding one entity ID and one group ID.
// NOTE(review): both IDs look like sample values; replace them with real
// Vault entity and group IDs.
const test = new vault.identity.OidcAssignment("test", {
    name: "my-assignment",
    entityIds: ["ascbascas-2231a-sdfaa"],
    groupIds: ["sajkdsad-32414-sfsada"],
});

// OIDC client that references the assignment above by name.
const testOidcClient = new vault.identity.OidcClient("test", {
    name: "my-app",
    redirectUris,
    assignments: [test.name],
    // The ID-token TTL should be less than the verification_ttl on the key.
    idTokenTtl: 2400,
    accessTokenTtl: 7200,
});
import pulumi
import pulumi_vault as vault
# Redirect URIs registered for the client. Each authentication request's
# redirect_uri must exactly match one of these values. All three example
# entries are plain-http loopback addresses (127.0.0.1), which suits local
# testing; a client reached over a network would normally register HTTPS
# callbacks instead.
callback_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback",
]

# Assignment holding one entity ID and one group ID.
# NOTE(review): both IDs look like sample values; replace them with real
# Vault entity and group IDs.
test = vault.identity.OidcAssignment(
    "test",
    name="my-assignment",
    entity_ids=["ascbascas-2231a-sdfaa"],
    group_ids=["sajkdsad-32414-sfsada"],
)

# OIDC client that references the assignment above by name.
# The ID-token TTL should be less than the verification_ttl on the key.
test_oidc_client = vault.identity.OidcClient(
    "test",
    name="my-app",
    redirect_uris=callback_uris,
    assignments=[test.name],
    id_token_ttl=2400,
    access_token_ttl=7200,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Redirect URIs registered for the client. Each authentication request's
    // redirect_uri must exactly match one of these values. All three example
    // entries are plain-http loopback addresses (127.0.0.1), which suits local
    // testing; a client reached over a network would normally register HTTPS
    // callbacks instead.
    var callbackUris = new[]
    {
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    };

    // Assignment holding one entity ID and one group ID.
    // NOTE(review): both IDs look like sample values; replace them with real
    // Vault entity and group IDs.
    var test = new Vault.Identity.OidcAssignment("test", new()
    {
        Name = "my-assignment",
        EntityIds = new[] { "ascbascas-2231a-sdfaa" },
        GroupIds = new[] { "sajkdsad-32414-sfsada" },
    });

    // OIDC client that references the assignment above by name.
    var testOidcClient = new Vault.Identity.OidcClient("test", new()
    {
        Name = "my-app",
        RedirectUris = callbackUris,
        Assignments = new[] { test.Name },
        // The ID-token TTL should be less than the verification_ttl on the key.
        IdTokenTtl = 2400,
        AccessTokenTtl = 7200,
    });
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an OIDC assignment and an OIDC client that references it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Redirect URIs registered for the client. Each authentication
		// request's redirect_uri must exactly match one of these values.
		// All three example entries are plain-http loopback addresses
		// (127.0.0.1), which suits local testing; a client reached over a
		// network would normally register HTTPS callbacks instead.
		callbackURIs := pulumi.StringArray{
			pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
			pulumi.String("http://127.0.0.1:8251/callback"),
			pulumi.String("http://127.0.0.1:8080/callback"),
		}

		// Assignment holding one entity ID and one group ID.
		// NOTE(review): both IDs look like sample values; replace them with
		// real Vault entity and group IDs.
		assignment, err := identity.NewOidcAssignment(ctx, "test", &identity.OidcAssignmentArgs{
			Name:      pulumi.String("my-assignment"),
			EntityIds: pulumi.StringArray{pulumi.String("ascbascas-2231a-sdfaa")},
			GroupIds:  pulumi.StringArray{pulumi.String("sajkdsad-32414-sfsada")},
		})
		if err != nil {
			return err
		}

		// OIDC client that references the assignment by name. The ID-token
		// TTL should be less than the verification_ttl on the key.
		_, err = identity.NewOidcClient(ctx, "test", &identity.OidcClientArgs{
			Name:           pulumi.String("my-app"),
			RedirectUris:   callbackURIs,
			Assignments:    pulumi.StringArray{assignment.Name},
			IdTokenTtl:     pulumi.Int(2400),
			AccessTokenTtl: pulumi.Int(7200),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcAssignment;
import com.pulumi.vault.identity.OidcAssignmentArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that registers an OIDC assignment and an OIDC client referencing it. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources: one OidcAssignment and one OidcClient.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Assignment holding one entity ID and one group ID.
        // NOTE(review): both IDs look like sample values; replace them with
        // real Vault entity and group IDs.
        OidcAssignmentArgs assignmentArgs = OidcAssignmentArgs.builder()
            .name("my-assignment")
            .entityIds("ascbascas-2231a-sdfaa")
            .groupIds("sajkdsad-32414-sfsada")
            .build();
        var test = new OidcAssignment("test", assignmentArgs);

        // Each authentication request's redirect_uri must exactly match one
        // of the registered redirect URIs. All three example entries are
        // plain-http loopback addresses (127.0.0.1), which suits local
        // testing; a client reached over a network would normally register
        // HTTPS callbacks instead. The ID-token TTL should be less than the
        // verification_ttl on the key.
        OidcClientArgs clientArgs = OidcClientArgs.builder()
            .name("my-app")
            .redirectUris(
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback")
            .assignments(test.name())
            .idTokenTtl(2400)
            .accessTokenTtl(7200)
            .build();
        var testOidcClient = new OidcClient("testOidcClient", clientArgs);
    }
}
resources:
  # Assignment holding one entity ID and one group ID.
  # NOTE(review): both IDs look like sample values; replace them with real
  # Vault entity and group IDs.
  test:
    type: vault:identity:OidcAssignment
    properties:
      name: my-assignment
      entityIds:
        - ascbascas-2231a-sdfaa
      groupIds:
        - sajkdsad-32414-sfsada
  # OIDC client that references the assignment above by name.
  testOidcClient:
    type: vault:identity:OidcClient
    name: test
    properties:
      name: my-app
      # Each authentication request's redirect_uri must exactly match one of
      # these values. All three example entries are plain-http loopback
      # addresses (127.0.0.1), which suits local testing; a client reached
      # over a network would normally register HTTPS callbacks instead.
      redirectUris:
        - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
        - http://127.0.0.1:8251/callback
        - http://127.0.0.1:8080/callback
      assignments:
        - ${test.name}
      # The ID-token TTL should be less than the verification_ttl on the key.
      idTokenTtl: 2400
      accessTokenTtl: 7200
Import
OIDC Clients can be imported using the `name`, e.g.
$ pulumi import vault:identity/oidcClient:OidcClient test my-app
Properties
The time-to-live for access tokens obtained by the client.
A list of assignment resources associated with the client.
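The Client Secret Key returned by Vault. For public OpenID Clients, `client_secret` is set to an empty string (`""`). For confidential clients this value is a credential and is recorded in the stack's state, so restrict access to the state and to any stack output that exposes it.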
The client type based on its ability to maintain confidentiality of credentials. The following client types are supported: `confidential`, `public`. Defaults to `confidential`.
The time-to-live for ID tokens obtained by the client. The value should be less than the `verification_ttl` on the key.
Redirection URI values used by the client. One of these values must exactly match the `redirect_uri` parameter value used in each authentication request.