AuthBackendArgs

data class AuthBackendArgs(val acsUrls: Output<List<String>>? = null, val defaultRole: Output<String>? = null, val disableRemount: Output<Boolean>? = null, val entityId: Output<String>? = null, val idpCert: Output<String>? = null, val idpEntityId: Output<String>? = null, val idpMetadataUrl: Output<String>? = null, val idpSsoUrl: Output<String>? = null, val namespace: Output<String>? = null, val path: Output<String>? = null, val verboseLogging: Output<Boolean>? = null) : ConvertibleToJava<AuthBackendArgs>

Manages a SAML Auth mount in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/saml/) for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
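// Declares the SAML auth mount; the identity provider settings come from its metadata URL.
const test = new vault.saml.AuthBackend("test", {
    path: "saml",
    idpMetadataUrl: "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
    entityId: "https://my.vault/v1/auth/saml",
    // The host is written with literal dots; the rendered page had turned them into the
    // HTML entity "&#46;", which is not a valid callback URL.
    acsUrls: ["https://my.vault.primary/v1/auth/saml/callback"],
    // defaultRole is the role used when a login names none. A role called "admin"
    // suggests broad privileges; a least-privileged role is the safer default.
    defaultRole: "admin",
});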
import pulumi
import pulumi_vault as vault
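# Declares the SAML auth mount; the identity provider settings come from its metadata URL.
test = vault.saml.AuthBackend(
    "test",
    path="saml",
    idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
    entity_id="https://my.vault/v1/auth/saml",
    # The host is written with literal dots; the rendered page had turned them into the
    # HTML entity "&#46;", which is not a valid callback URL.
    acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
    # default_role is the role used when a login names none. A role called "admin"
    # suggests broad privileges; a least-privileged role is the safer default.
    default_role="admin",
)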
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
// Program entry point: declares one SAML auth mount inside the Pulumi deployment.
return await Deployment.RunAsync(() =>
{
    // Identity provider settings are taken from the IdP metadata URL.
    var samlArgs = new Vault.Saml.AuthBackendArgs
    {
        Path = "saml",
        IdpMetadataUrl = "https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
        EntityId = "https://my.vault/v1/auth/saml",
        AcsUrls = new[]
        {
            "https://my.vault.primary/v1/auth/saml/callback",
        },
        // DefaultRole is the role used when a login names none. A role called "admin"
        // suggests broad privileges; a least-privileged role is the safer default.
        DefaultRole = "admin",
    };

    var test = new Vault.Saml.AuthBackend("test", samlArgs);
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/saml"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program, which declares a single SAML auth mount named "test".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Identity provider settings are taken from the IdP metadata URL.
		backendArgs := &saml.AuthBackendArgs{
			Path:           pulumi.String("saml"),
			IdpMetadataUrl: pulumi.String("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata"),
			EntityId:       pulumi.String("https://my.vault/v1/auth/saml"),
			AcsUrls: pulumi.StringArray{
				pulumi.String("https://my.vault.primary/v1/auth/saml/callback"),
			},
			// DefaultRole is the role used when a login names none. A role called "admin"
			// suggests broad privileges; a least-privileged role is the safer default.
			DefaultRole: pulumi.String("admin"),
		}

		if _, err := saml.NewAuthBackend(ctx, "test", backendArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.saml.AuthBackend;
import com.pulumi.vault.saml.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single SAML auth mount named "test".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the SAML auth mount; identity provider settings are taken from the IdP metadata URL.
     *
     * @param ctx the Pulumi context supplied by the runtime
     */
    public static void stack(Context ctx) {
        final var samlArgs = AuthBackendArgs.builder()
            .path("saml")
            .idpMetadataUrl("https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata")
            .entityId("https://my.vault/v1/auth/saml")
            .acsUrls("https://my.vault.primary/v1/auth/saml/callback")
            // defaultRole is the role used when a login names none. A role called "admin"
            // suggests broad privileges; a least-privileged role is the safer default.
            .defaultRole("admin")
            .build();

        var test = new AuthBackend("test", samlArgs);
    }
}
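# Declares a single SAML auth mount; identity provider settings come from the IdP metadata URL.
# Nesting is restored here: the rendered page had flattened every key to column 0.
resources:
  test:
    type: vault:saml:AuthBackend
    properties:
      path: saml
      idpMetadataUrl: https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata
      entityId: https://my.vault/v1/auth/saml
      acsUrls:
        - https://my.vault.primary/v1/auth/saml/callback
      # defaultRole is the role used when a login names none. A role called "admin"
      # suggests broad privileges; a least-privileged role is the safer default.
      defaultRole: admin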

Import

SAML authentication mounts can be imported using the path, e.g.

$ pulumi import vault:saml/authBackend:AuthBackend example saml

Constructors

constructor(acsUrls: Output<List<String>>? = null, defaultRole: Output<String>? = null, disableRemount: Output<Boolean>? = null, entityId: Output<String>? = null, idpCert: Output<String>? = null, idpEntityId: Output<String>? = null, idpMetadataUrl: Output<String>? = null, idpSsoUrl: Output<String>? = null, namespace: Output<String>? = null, path: Output<String>? = null, verboseLogging: Output<Boolean>? = null)

Properties

val acsUrls: Output<List<String>>? = null

The well-formatted URLs of your Assertion Consumer Service (ACS) that should receive a response from the identity provider.

val defaultRole: Output<String>? = null

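The role to use if no role is provided during login. Because this role applies to every login that does not name one, it should normally be a least-privileged role rather than an administrative one.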

val disableRemount: Output<Boolean>? = null

If set to true, opts out of mount migration on path updates. See the Vault documentation on Mount Migration for more information.

val entityId: Output<String>? = null

The entity ID of the SAML authentication service provider.

val idpCert: Output<String>? = null

The PEM encoded certificate of the identity provider. Mutually exclusive with idp_metadata_url.

val idpEntityId: Output<String>? = null

The entity ID of the identity provider. Mutually exclusive with idp_metadata_url.

val idpMetadataUrl: Output<String>? = null

The metadata URL of the identity provider. Mutually exclusive with idpCert, idpEntityId and idpSsoUrl, as noted on those properties.

val idpSsoUrl: Output<String>? = null

The SSO URL of the identity provider. Mutually exclusive with idp_metadata_url.

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val path: Output<String>? = null

Path where the auth backend will be mounted. Defaults to auth/saml if not specified.

val verboseLogging: Output<Boolean>? = null

If set to true, logs additional, potentially sensitive information during the SAML exchange according to the current logging level. Not recommended for production.

Functions

open override fun toJava(): AuthBackendArgs