cockroach.ApiOidcConfig
Explore with Pulumi AI
Configuration to allow external OIDC providers to issue tokens for use with CC API.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cockroach.ApiOidcConfig;
import com.pulumi.cockroach.ApiOidcConfigArgs;
import com.pulumi.cockroach.inputs.ApiOidcConfigIdentityMapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ApiOidcConfig("example", ApiOidcConfigArgs.builder()
.issuer("https://accounts.google.com")
.audience("test_audience")
.jwks("{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"kid\":\"test_kid1\",\"kty\":\"RSA\",\"n\":\"09lq1lCEuteonwDJOhGTDak11ThplZuC9JEWQNdBnBSQwlkJQIE7A7nTBO0xTibcsh2HwYkC-N_Gs1jP4iwN3dRqnu5FwG2ct5mY8KLwJiHzToFC0MKenSFQCy0FviNtOnpiObcUlDvR2NDeNtMl_6SPzcQEt7GUTBBYZgoAxPmOgevki6ZNO6Y86xFqx3y6v8EPwW010AiC60r4AHGCTBhYF4uqmq5JH2UU4dDh9Udc-9LZxlSqPwJvnKDG2GjcnD8TsU3wjfEM_nRmx3dnXsrZUXYfNGtdv5dlHywf5AhkJmTavqcsJkgrNA-PNBghFMcCR816_kCIkCYWLWC5vQ\"}]}")
.claim("sub")
.identityMaps(
ApiOidcConfigIdentityMapArgs.builder()
.token_identity("token_identity")
.cc_identity("cc_identity")
.is_regex(false)
.build(),
ApiOidcConfigIdentityMapArgs.builder()
.token_identity("(.*)")
.cc_identity("\\1@example.com")
.is_regex(true)
.build())
.build());
}
}
resources:
example:
type: cockroach:ApiOidcConfig
properties:
issuer: https://accounts.google.com
audience: test_audience
jwks: '{"keys":[{"alg":"RS256","e":"AQAB","kid":"test_kid1","kty":"RSA","n":"09lq1lCEuteonwDJOhGTDak11ThplZuC9JEWQNdBnBSQwlkJQIE7A7nTBO0xTibcsh2HwYkC-N_Gs1jP4iwN3dRqnu5FwG2ct5mY8KLwJiHzToFC0MKenSFQCy0FviNtOnpiObcUlDvR2NDeNtMl_6SPzcQEt7GUTBBYZgoAxPmOgevki6ZNO6Y86xFqx3y6v8EPwW010AiC60r4AHGCTBhYF4uqmq5JH2UU4dDh9Udc-9LZxlSqPwJvnKDG2GjcnD8TsU3wjfEM_nRmx3dnXsrZUXYfNGtdv5dlHywf5AhkJmTavqcsJkgrNA-PNBghFMcCR816_kCIkCYWLWC5vQ"}]}'
claim: sub
identityMaps:
- token_identity: token_identity
cc_identity: cc_identity
is_regex: false
- token_identity: (.*)
cc_identity: \1@example.com
is_regex: true
Create ApiOidcConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApiOidcConfig(name: string, args: ApiOidcConfigArgs, opts?: CustomResourceOptions);
@overload
def ApiOidcConfig(resource_name: str,
args: ApiOidcConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApiOidcConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
audience: Optional[str] = None,
issuer: Optional[str] = None,
jwks: Optional[str] = None,
claim: Optional[str] = None,
identity_maps: Optional[Sequence[ApiOidcConfigIdentityMapArgs]] = None)
func NewApiOidcConfig(ctx *Context, name string, args ApiOidcConfigArgs, opts ...ResourceOption) (*ApiOidcConfig, error)
public ApiOidcConfig(string name, ApiOidcConfigArgs args, CustomResourceOptions? opts = null)
public ApiOidcConfig(String name, ApiOidcConfigArgs args)
public ApiOidcConfig(String name, ApiOidcConfigArgs args, CustomResourceOptions options)
type: cockroach:ApiOidcConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApiOidcConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApiOidcConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApiOidcConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApiOidcConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApiOidcConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var apiOidcConfigResource = new Cockroach.ApiOidcConfig("apiOidcConfigResource", new()
{
Audience = "string",
Issuer = "string",
Jwks = "string",
Claim = "string",
IdentityMaps = new[]
{
new Cockroach.Inputs.ApiOidcConfigIdentityMapArgs
{
CcIdentity = "string",
TokenIdentity = "string",
IsRegex = false,
},
},
});
example, err := cockroach.NewApiOidcConfig(ctx, "apiOidcConfigResource", &cockroach.ApiOidcConfigArgs{
Audience: pulumi.String("string"),
Issuer: pulumi.String("string"),
Jwks: pulumi.String("string"),
Claim: pulumi.String("string"),
IdentityMaps: cockroach.ApiOidcConfigIdentityMapArray{
&cockroach.ApiOidcConfigIdentityMapArgs{
CcIdentity: pulumi.String("string"),
TokenIdentity: pulumi.String("string"),
IsRegex: pulumi.Bool(false),
},
},
})
var apiOidcConfigResource = new ApiOidcConfig("apiOidcConfigResource", ApiOidcConfigArgs.builder()
.audience("string")
.issuer("string")
.jwks("string")
.claim("string")
.identityMaps(ApiOidcConfigIdentityMapArgs.builder()
.ccIdentity("string")
.tokenIdentity("string")
.isRegex(false)
.build())
.build());
api_oidc_config_resource = cockroach.ApiOidcConfig("apiOidcConfigResource",
audience="string",
issuer="string",
jwks="string",
claim="string",
identity_maps=[{
"cc_identity": "string",
"token_identity": "string",
"is_regex": False,
}])
const apiOidcConfigResource = new cockroach.ApiOidcConfig("apiOidcConfigResource", {
audience: "string",
issuer: "string",
jwks: "string",
claim: "string",
identityMaps: [{
ccIdentity: "string",
tokenIdentity: "string",
isRegex: false,
}],
});
type: cockroach:ApiOidcConfig
properties:
audience: string
claim: string
identityMaps:
- ccIdentity: string
isRegex: false
tokenIdentity: string
issuer: string
jwks: string
ApiOidcConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ApiOidcConfig resource accepts the following input properties:
- Audience string
- The audience that CC API should accept for this API OIDC Configuration.
- Issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- Jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- Claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- Identity
Maps List<Pulumiverse.Cockroach. Inputs. Api Oidc Config Identity Map> - The mapping rules to convert token user identifiers into a new form.
- Audience string
- The audience that CC API should accept for this API OIDC Configuration.
- Issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- Jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- Claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- Identity
Maps []ApiOidc Config Identity Map Args - The mapping rules to convert token user identifiers into a new form.
- audience String
- The audience that CC API should accept for this API OIDC Configuration.
- issuer String
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks String
- The JSON Web Key Set used to check the signature of the JWTs.
- claim String
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps List<ApiOidc Config Identity Map> - The mapping rules to convert token user identifiers into a new form.
- audience string
- The audience that CC API should accept for this API OIDC Configuration.
- issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps ApiOidc Config Identity Map[] - The mapping rules to convert token user identifiers into a new form.
- audience str
- The audience that CC API should accept for this API OIDC Configuration.
- issuer str
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks str
- The JSON Web Key Set used to check the signature of the JWTs.
- claim str
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity_
maps Sequence[ApiOidc Config Identity Map Args] - The mapping rules to convert token user identifiers into a new form.
- audience String
- The audience that CC API should accept for this API OIDC Configuration.
- issuer String
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks String
- The JSON Web Key Set used to check the signature of the JWTs.
- claim String
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps List<Property Map> - The mapping rules to convert token user identifiers into a new form.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApiOidcConfig resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApiOidcConfig Resource
Get an existing ApiOidcConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApiOidcConfigState, opts?: CustomResourceOptions): ApiOidcConfig
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
audience: Optional[str] = None,
claim: Optional[str] = None,
identity_maps: Optional[Sequence[ApiOidcConfigIdentityMapArgs]] = None,
issuer: Optional[str] = None,
jwks: Optional[str] = None) -> ApiOidcConfig
func GetApiOidcConfig(ctx *Context, name string, id IDInput, state *ApiOidcConfigState, opts ...ResourceOption) (*ApiOidcConfig, error)
public static ApiOidcConfig Get(string name, Input<string> id, ApiOidcConfigState? state, CustomResourceOptions? opts = null)
public static ApiOidcConfig get(String name, Output<String> id, ApiOidcConfigState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Audience string
- The audience that CC API should accept for this API OIDC Configuration.
- Claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- Identity
Maps List<Pulumiverse.Cockroach. Inputs. Api Oidc Config Identity Map> - The mapping rules to convert token user identifiers into a new form.
- Issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- Jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- Audience string
- The audience that CC API should accept for this API OIDC Configuration.
- Claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- Identity
Maps []ApiOidc Config Identity Map Args - The mapping rules to convert token user identifiers into a new form.
- Issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- Jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- audience String
- The audience that CC API should accept for this API OIDC Configuration.
- claim String
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps List<ApiOidc Config Identity Map> - The mapping rules to convert token user identifiers into a new form.
- issuer String
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks String
- The JSON Web Key Set used to check the signature of the JWTs.
- audience string
- The audience that CC API should accept for this API OIDC Configuration.
- claim string
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps ApiOidc Config Identity Map[] - The mapping rules to convert token user identifiers into a new form.
- issuer string
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks string
- The JSON Web Key Set used to check the signature of the JWTs.
- audience str
- The audience that CC API should accept for this API OIDC Configuration.
- claim str
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity_
maps Sequence[ApiOidc Config Identity Map Args] - The mapping rules to convert token user identifiers into a new form.
- issuer str
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks str
- The JSON Web Key Set used to check the signature of the JWTs.
- audience String
- The audience that CC API should accept for this API OIDC Configuration.
- claim String
- The JWT claim that should be used as the user identifier. Defaults to the subject.
- identity
Maps List<Property Map> - The mapping rules to convert token user identifiers into a new form.
- issuer String
- The issuer of tokens for the API OIDC Configuration. Usually this is a url.
- jwks String
- The JSON Web Key Set used to check the signature of the JWTs.
Supporting Types
ApiOidcConfigIdentityMap, ApiOidcConfigIdentityMapArgs
- Cc
Identity string - The username (email or service account id) of the CC user that the token should map to.
- Token
Identity string - The token value that needs to be mapped.
- Is
Regex bool - Indicates that the token_principal field is a regex value.
- Cc
Identity string - The username (email or service account id) of the CC user that the token should map to.
- Token
Identity string - The token value that needs to be mapped.
- Is
Regex bool - Indicates that the token_principal field is a regex value.
- cc
Identity String - The username (email or service account id) of the CC user that the token should map to.
- token
Identity String - The token value that needs to be mapped.
- is
Regex Boolean - Indicates that the token_principal field is a regex value.
- cc
Identity string - The username (email or service account id) of the CC user that the token should map to.
- token
Identity string - The token value that needs to be mapped.
- is
Regex boolean - Indicates that the token_principal field is a regex value.
- cc_
identity str - The username (email or service account id) of the CC user that the token should map to.
- token_
identity str - The token value that needs to be mapped.
- is_
regex bool - Indicates that the token_principal field is a regex value.
- cc
Identity String - The username (email or service account id) of the CC user that the token should map to.
- token
Identity String - The token value that needs to be mapped.
- is
Regex Boolean - Indicates that the token_principal field is a regex value.
Package Details
- Repository
- cockroach pulumiverse/pulumi-cockroach
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cockroach
Terraform Provider.