Docs Home
Nomad v2.4.1 published on Wednesday, Oct 30, 2024 by Pulumi
nomad.AclAuthMethod
Explore with Pulumi AI
Manages an ACL Auth Method in Nomad.
Example Usage
Creating an ALC Auth Method:
import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";
const myNomadAclAuthMethod = new nomad.AclAuthMethod("my_nomad_acl_auth_method", {
name: "my-nomad-acl-auth-method",
type: "OIDC",
tokenLocality: "global",
maxTokenTtl: "10m0s",
tokenNameFormat: `${auth_method_type}-${value.user}`,
"default": true,
config: {
oidcDiscoveryUrl: "https://uk.auth0.com/",
oidcClientId: "someclientid",
oidcClientSecret: "someclientsecret-t",
boundAudiences: ["someclientid"],
allowedRedirectUris: [
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
listClaimMappings: {
"http://nomad.internal/roles": "roles",
},
},
});
import pulumi
import pulumi_nomad as nomad
my_nomad_acl_auth_method = nomad.AclAuthMethod("my_nomad_acl_auth_method",
name="my-nomad-acl-auth-method",
type="OIDC",
token_locality="global",
max_token_ttl="10m0s",
token_name_format="${auth_method_type}-${value.user}",
default=True,
config={
"oidc_discovery_url": "https://uk.auth0.com/",
"oidc_client_id": "someclientid",
"oidc_client_secret": "someclientsecret-t",
"bound_audiences": ["someclientid"],
"allowed_redirect_uris": [
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
],
"list_claim_mappings": {
"http___nomad_internal_roles": "roles",
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := nomad.NewAclAuthMethod(ctx, "my_nomad_acl_auth_method", &nomad.AclAuthMethodArgs{
Name: pulumi.String("my-nomad-acl-auth-method"),
Type: pulumi.String("OIDC"),
TokenLocality: pulumi.String("global"),
MaxTokenTtl: pulumi.String("10m0s"),
TokenNameFormat: pulumi.Sprintf("${auth_method_type}-${value.user}"),
Default: pulumi.Bool(true),
Config: &nomad.AclAuthMethodConfigArgs{
OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
OidcClientId: pulumi.String("someclientid"),
OidcClientSecret: pulumi.String("someclientsecret-t"),
BoundAudiences: pulumi.StringArray{
pulumi.String("someclientid"),
},
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:4649/oidc/callback"),
pulumi.String("http://localhost:4646/ui/settings/tokens"),
},
ListClaimMappings: pulumi.StringMap{
"http://nomad.internal/roles": pulumi.String("roles"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;
return await Deployment.RunAsync(() =>
{
var myNomadAclAuthMethod = new Nomad.AclAuthMethod("my_nomad_acl_auth_method", new()
{
Name = "my-nomad-acl-auth-method",
Type = "OIDC",
TokenLocality = "global",
MaxTokenTtl = "10m0s",
TokenNameFormat = "${auth_method_type}-${value.user}",
Default = true,
Config = new Nomad.Inputs.AclAuthMethodConfigArgs
{
OidcDiscoveryUrl = "https://uk.auth0.com/",
OidcClientId = "someclientid",
OidcClientSecret = "someclientsecret-t",
BoundAudiences = new[]
{
"someclientid",
},
AllowedRedirectUris = new[]
{
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens",
},
ListClaimMappings =
{
{ "http://nomad.internal/roles", "roles" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
.name("my-nomad-acl-auth-method")
.type("OIDC")
.tokenLocality("global")
.maxTokenTtl("10m0s")
.tokenNameFormat("${auth_method_type}-${value.user}")
.default_(true)
.config(AclAuthMethodConfigArgs.builder()
.oidcDiscoveryUrl("https://uk.auth0.com/")
.oidcClientId("someclientid")
.oidcClientSecret("someclientsecret-t")
.boundAudiences("someclientid")
.allowedRedirectUris(
"http://localhost:4649/oidc/callback",
"http://localhost:4646/ui/settings/tokens")
.listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
.build())
.build());
}
}
resources:
myNomadAclAuthMethod:
type: nomad:AclAuthMethod
name: my_nomad_acl_auth_method
properties:
name: my-nomad-acl-auth-method
type: OIDC
tokenLocality: global
maxTokenTtl: 10m0s
tokenNameFormat: ${auth_method_type}-${value.user}
default: true
config:
oidcDiscoveryUrl: https://uk.auth0.com/
oidcClientId: someclientid
oidcClientSecret: someclientsecret-t
boundAudiences:
- someclientid
allowedRedirectUris:
- http://localhost:4649/oidc/callback
- http://localhost:4646/ui/settings/tokens
listClaimMappings:
http://nomad.internal/roles: roles
Create AclAuthMethod Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);@overload
def AclAuthMethod(resource_name: str,
args: AclAuthMethodArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AclAuthMethod(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
max_token_ttl: Optional[str] = None,
token_locality: Optional[str] = None,
type: Optional[str] = None,
default: Optional[bool] = None,
name: Optional[str] = None,
token_name_format: Optional[str] = None)func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: nomad:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AclAuthMethodArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var aclAuthMethodResource = new Nomad.AclAuthMethod("aclAuthMethodResource", new()
{
Config = new Nomad.Inputs.AclAuthMethodConfigArgs
{
AllowedRedirectUris = new[]
{
"string",
},
BoundAudiences = new[]
{
"string",
},
BoundIssuers = new[]
{
"string",
},
ClaimMappings =
{
{ "string", "string" },
},
ClockSkewLeeway = "string",
DiscoveryCaPems = new[]
{
"string",
},
ExpirationLeeway = "string",
JwksCaCert = "string",
JwksUrl = "string",
JwtValidationPubKeys = new[]
{
"string",
},
ListClaimMappings =
{
{ "string", "string" },
},
NotBeforeLeeway = "string",
OidcClientId = "string",
OidcClientSecret = "string",
OidcDisableUserinfo = false,
OidcDiscoveryUrl = "string",
OidcScopes = new[]
{
"string",
},
SigningAlgs = new[]
{
"string",
},
},
MaxTokenTtl = "string",
TokenLocality = "string",
Type = "string",
Default = false,
Name = "string",
TokenNameFormat = "string",
});
example, err := nomad.NewAclAuthMethod(ctx, "aclAuthMethodResource", &nomad.AclAuthMethodArgs{
Config: &nomad.AclAuthMethodConfigArgs{
AllowedRedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
BoundAudiences: pulumi.StringArray{
pulumi.String("string"),
},
BoundIssuers: pulumi.StringArray{
pulumi.String("string"),
},
ClaimMappings: pulumi.StringMap{
"string": pulumi.String("string"),
},
ClockSkewLeeway: pulumi.String("string"),
DiscoveryCaPems: pulumi.StringArray{
pulumi.String("string"),
},
ExpirationLeeway: pulumi.String("string"),
JwksCaCert: pulumi.String("string"),
JwksUrl: pulumi.String("string"),
JwtValidationPubKeys: pulumi.StringArray{
pulumi.String("string"),
},
ListClaimMappings: pulumi.StringMap{
"string": pulumi.String("string"),
},
NotBeforeLeeway: pulumi.String("string"),
OidcClientId: pulumi.String("string"),
OidcClientSecret: pulumi.String("string"),
OidcDisableUserinfo: pulumi.Bool(false),
OidcDiscoveryUrl: pulumi.String("string"),
OidcScopes: pulumi.StringArray{
pulumi.String("string"),
},
SigningAlgs: pulumi.StringArray{
pulumi.String("string"),
},
},
MaxTokenTtl: pulumi.String("string"),
TokenLocality: pulumi.String("string"),
Type: pulumi.String("string"),
Default: pulumi.Bool(false),
Name: pulumi.String("string"),
TokenNameFormat: pulumi.String("string"),
})
var aclAuthMethodResource = new AclAuthMethod("aclAuthMethodResource", AclAuthMethodArgs.builder()
.config(AclAuthMethodConfigArgs.builder()
.allowedRedirectUris("string")
.boundAudiences("string")
.boundIssuers("string")
.claimMappings(Map.of("string", "string"))
.clockSkewLeeway("string")
.discoveryCaPems("string")
.expirationLeeway("string")
.jwksCaCert("string")
.jwksUrl("string")
.jwtValidationPubKeys("string")
.listClaimMappings(Map.of("string", "string"))
.notBeforeLeeway("string")
.oidcClientId("string")
.oidcClientSecret("string")
.oidcDisableUserinfo(false)
.oidcDiscoveryUrl("string")
.oidcScopes("string")
.signingAlgs("string")
.build())
.maxTokenTtl("string")
.tokenLocality("string")
.type("string")
.default_(false)
.name("string")
.tokenNameFormat("string")
.build());
acl_auth_method_resource = nomad.AclAuthMethod("aclAuthMethodResource",
config={
"allowed_redirect_uris": ["string"],
"bound_audiences": ["string"],
"bound_issuers": ["string"],
"claim_mappings": {
"string": "string",
},
"clock_skew_leeway": "string",
"discovery_ca_pems": ["string"],
"expiration_leeway": "string",
"jwks_ca_cert": "string",
"jwks_url": "string",
"jwt_validation_pub_keys": ["string"],
"list_claim_mappings": {
"string": "string",
},
"not_before_leeway": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_disable_userinfo": False,
"oidc_discovery_url": "string",
"oidc_scopes": ["string"],
"signing_algs": ["string"],
},
max_token_ttl="string",
token_locality="string",
type="string",
default=False,
name="string",
token_name_format="string")
const aclAuthMethodResource = new nomad.AclAuthMethod("aclAuthMethodResource", {
config: {
allowedRedirectUris: ["string"],
boundAudiences: ["string"],
boundIssuers: ["string"],
claimMappings: {
string: "string",
},
clockSkewLeeway: "string",
discoveryCaPems: ["string"],
expirationLeeway: "string",
jwksCaCert: "string",
jwksUrl: "string",
jwtValidationPubKeys: ["string"],
listClaimMappings: {
string: "string",
},
notBeforeLeeway: "string",
oidcClientId: "string",
oidcClientSecret: "string",
oidcDisableUserinfo: false,
oidcDiscoveryUrl: "string",
oidcScopes: ["string"],
signingAlgs: ["string"],
},
maxTokenTtl: "string",
tokenLocality: "string",
type: "string",
"default": false,
name: "string",
tokenNameFormat: "string",
});
type: nomad:AclAuthMethod
properties:
config:
allowedRedirectUris:
- string
boundAudiences:
- string
boundIssuers:
- string
claimMappings:
string: string
clockSkewLeeway: string
discoveryCaPems:
- string
expirationLeeway: string
jwksCaCert: string
jwksUrl: string
jwtValidationPubKeys:
- string
listClaimMappings:
string: string
notBeforeLeeway: string
oidcClientId: string
oidcClientSecret: string
oidcDisableUserinfo: false
oidcDiscoveryUrl: string
oidcScopes:
- string
signingAlgs:
- string
default: false
maxTokenTtl: string
name: string
tokenLocality: string
tokenNameFormat: string
type: string
AclAuthMethod Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AclAuthMethod resource accepts the following input properties:
- Config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- Config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name string
(string: <required>)- The identifier of the ACL Auth Method.- token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name str
(string: <required>)- The identifier of the ACL Auth Method.- token_
name_ strformat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
- config Property Map
(block: <required>)- Configuration specific to the auth method provider.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.
Outputs
All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AclAuthMethod Resource
Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[AclAuthMethodConfigArgs] = None,
default: Optional[bool] = None,
max_token_ttl: Optional[str] = None,
name: Optional[str] = None,
token_locality: Optional[str] = None,
token_name_format: Optional[str] = None,
type: Optional[str] = None) -> AclAuthMethodfunc GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
- Config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- Default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- Max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- Name string
(string: <required>)- The identifier of the ACL Auth Method.- Token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- Token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- Type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- default_ Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
- config
Acl
Auth Method Config (block: <required>)- Configuration specific to the auth method provider.- default boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token stringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name string
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality string (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name stringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type string
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
- config
Acl
Auth Method Config Args (block: <required>)- Configuration specific to the auth method provider.- default bool
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max_
token_ strttl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name str
(string: <required>)- The identifier of the ACL Auth Method.- token_
locality str (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token_
name_ strformat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type str
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
- config Property Map
(block: <required>)- Configuration specific to the auth method provider.- default Boolean
(bool: false)- Defines whether this ACL Auth Method is to be set as default.- max
Token StringTtl (string: <required>)- Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".- name String
(string: <required>)- The identifier of the ACL Auth Method.- token
Locality String (string: <required>)- Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to eitherlocalorglobal.- token
Name StringFormat (string: "${auth_method_type}-${auth_method_name}")- Defines the token name format for the generated tokens This can be lightly templated using HIL '${foo}' syntax.- type String
(string: <required>)- ACL Auth Method SSO workflow type. Valid values, areOIDCandJWT.
Supporting Types
AclAuthMethodConfig, AclAuthMethodConfigArgs
- Allowed
Redirect List<string>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- Bound
Audiences List<string> ([]string: <optional>)- List of auth claims that are valid for login.- Bound
Issuers List<string> ([]string: <optional>)- The value against which to match the iss claim in a JWT.- Claim
Mappings Dictionary<string, string> - Mappings of claims (key) that will be copied to a metadata field (value).
- Clock
Skew stringLeeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- Discovery
Ca List<string>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- Expiration
Leeway string (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- Jwks
Ca stringCert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- Jwks
Url string (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- Jwt
Validation List<string>Pub Keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- List
Claim Dictionary<string, string>Mappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- Not
Before stringLeeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- Oidc
Client stringId (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- Oidc
Client stringSecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- Oidc
Disable boolUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- Oidc
Discovery stringUrl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- Oidc
Scopes List<string> ([]string: <optional>)- List of OIDC scopes.- Signing
Algs List<string> ([]string: <optional>)- A list of supported signing algorithms.
- Allowed
Redirect []stringUris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- Bound
Audiences []string ([]string: <optional>)- List of auth claims that are valid for login.- Bound
Issuers []string ([]string: <optional>)- The value against which to match the iss claim in a JWT.- Claim
Mappings map[string]string - Mappings of claims (key) that will be copied to a metadata field (value).
- Clock
Skew stringLeeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- Discovery
Ca []stringPems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- Expiration
Leeway string (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- Jwks
Ca stringCert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- Jwks
Url string (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- Jwt
Validation []stringPub Keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- List
Claim map[string]stringMappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- Not
Before stringLeeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- Oidc
Client stringId (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- Oidc
Client stringSecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- Oidc
Disable boolUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- Oidc
Discovery stringUrl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- Oidc
Scopes []string ([]string: <optional>)- List of OIDC scopes.- Signing
Algs []string ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect List<String>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- bound
Audiences List<String> ([]string: <optional>)- List of auth claims that are valid for login.- bound
Issuers List<String> ([]string: <optional>)- The value against which to match the iss claim in a JWT.- claim
Mappings Map<String,String> - Mappings of claims (key) that will be copied to a metadata field (value).
- clock
Skew StringLeeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- discovery
Ca List<String>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- expiration
Leeway String (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- jwks
Ca StringCert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- jwks
Url String (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- jwt
Validation List<String>Pub Keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- list
Claim Map<String,String>Mappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- not
Before StringLeeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- oidc
Client StringId (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client StringSecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Disable BooleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Discovery StringUrl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- oidc
Scopes List<String> ([]string: <optional>)- List of OIDC scopes.- signing
Algs List<String> ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect string[]Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- bound
Audiences string[] ([]string: <optional>)- List of auth claims that are valid for login.- bound
Issuers string[] ([]string: <optional>)- The value against which to match the iss claim in a JWT.- claim
Mappings {[key: string]: string} - Mappings of claims (key) that will be copied to a metadata field (value).
- clock
Skew stringLeeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- discovery
Ca string[]Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- expiration
Leeway string (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- jwks
Ca stringCert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- jwks
Url string (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- jwt
Validation string[]Pub Keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- list
Claim {[key: string]: string}Mappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- not
Before stringLeeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- oidc
Client stringId (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client stringSecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Disable booleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Discovery stringUrl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- oidc
Scopes string[] ([]string: <optional>)- List of OIDC scopes.- signing
Algs string[] ([]string: <optional>)- A list of supported signing algorithms.
- allowed_
redirect_ Sequence[str]uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- bound_
audiences Sequence[str] ([]string: <optional>)- List of auth claims that are valid for login.- bound_
issuers Sequence[str] ([]string: <optional>)- The value against which to match the iss claim in a JWT.- claim_
mappings Mapping[str, str] - Mappings of claims (key) that will be copied to a metadata field (value).
- clock_
skew_ strleeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- discovery_
ca_ Sequence[str]pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- expiration_
leeway str (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- jwks_
ca_ strcert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- jwks_
url str (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- jwt_
validation_ Sequence[str]pub_ keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- list_
claim_ Mapping[str, str]mappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- not_
before_ strleeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- oidc_
client_ strid (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- oidc_
client_ strsecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- oidc_
disable_ booluserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc_
discovery_ strurl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- oidc_
scopes Sequence[str] ([]string: <optional>)- List of OIDC scopes.- signing_
algs Sequence[str] ([]string: <optional>)- A list of supported signing algorithms.
- allowed
Redirect List<String>Uris ([]string: <optional>)- A list of allowed values that can be used for the redirect URI.- bound
Audiences List<String> ([]string: <optional>)- List of auth claims that are valid for login.- bound
Issuers List<String> ([]string: <optional>)- The value against which to match the iss claim in a JWT.- claim
Mappings Map<String> - Mappings of claims (key) that will be copied to a metadata field (value).
- clock
Skew StringLeeway (string: <optional>)- Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".- discovery
Ca List<String>Pems ([]string: <optional>)- PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.- expiration
Leeway String (string: <optional>)- Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".- jwks
Ca StringCert (string: <optional>)- PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.- jwks
Url String (string: <optional>)- JSON Web Key Sets url for authenticating signatures.- jwt
Validation List<String>Pub Keys ([]string: <optional>)- List of PEM-encoded public keys to use to authenticate signatures locally.- list
Claim Map<String>Mappings - Mappings of list claims (key) that will be copied to a metadata field (value).
- not
Before StringLeeway (string: <optional>)- Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".- oidc
Client StringId (string: <optional>)- The OAuth Client ID configured with the OIDC provider.- oidc
Client StringSecret (string: <optional>)- The OAuth Client Secret configured with the OIDC provider.- oidc
Disable BooleanUserinfo (bool: false)- When set totrue, Nomad will not make a request to the identity provider to get OIDCUserInfo. You may wish to set this if your identity provider doesn't send any additional claims from theUserInfoendpoint.- oidc
Discovery StringUrl (string: <optional>)- The OIDC Discovery URL, without any .well-known component (base path).- oidc
Scopes List<String> ([]string: <optional>)- List of OIDC scopes.- signing
Algs List<String> ([]string: <optional>)- A list of supported signing algorithms.
Package Details
- Repository
- HashiCorp Nomad pulumi/pulumi-nomad
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
nomadTerraform Provider.