ovh.CloudProject.KubeOidc
Explore with Pulumi AI
Creates an OIDC configuration in an OVHcloud Managed Kubernetes cluster.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ovh from "@ovhcloud/pulumi-ovh";
const my_oidc = new ovh.cloudproject.KubeOidc("my-oidc", {
serviceName: _var.projectid,
kubeId: ovh_cloud_project_kube.mykube.id,
clientId: "xxx",
issuerUrl: "https://ovh.com",
oidcUsernameClaim: "an-email",
oidcUsernamePrefix: "ovh:",
oidcGroupsClaims: ["groups"],
oidcGroupsPrefix: "ovh:",
oidcRequiredClaims: ["claim1=val1"],
oidcSigningAlgs: ["RS512"],
oidcCaContent: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==",
});
import pulumi
import pulumi_ovh as ovh
my_oidc = ovh.cloud_project.KubeOidc("my-oidc",
service_name=var["projectid"],
kube_id=ovh_cloud_project_kube["mykube"]["id"],
client_id="xxx",
issuer_url="https://ovh.com",
oidc_username_claim="an-email",
oidc_username_prefix="ovh:",
oidc_groups_claims=["groups"],
oidc_groups_prefix="ovh:",
oidc_required_claims=["claim1=val1"],
oidc_signing_algs=["RS512"],
oidc_ca_content="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==")
package main
import (
"github.com/ovh/pulumi-ovh/sdk/go/ovh/CloudProject"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := CloudProject.NewKubeOidc(ctx, "my-oidc", &CloudProject.KubeOidcArgs{
ServiceName: pulumi.Any(_var.Projectid),
KubeId: pulumi.Any(ovh_cloud_project_kube.Mykube.Id),
ClientId: pulumi.String("xxx"),
IssuerUrl: pulumi.String("https://ovh.com"),
OidcUsernameClaim: pulumi.String("an-email"),
OidcUsernamePrefix: pulumi.String("ovh:"),
OidcGroupsClaims: pulumi.StringArray{
pulumi.String("groups"),
},
OidcGroupsPrefix: pulumi.String("ovh:"),
OidcRequiredClaims: pulumi.StringArray{
pulumi.String("claim1=val1"),
},
OidcSigningAlgs: pulumi.StringArray{
pulumi.String("RS512"),
},
OidcCaContent: pulumi.String("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ovh = Pulumi.Ovh;
return await Deployment.RunAsync(() =>
{
var my_oidc = new Ovh.CloudProject.KubeOidc("my-oidc", new()
{
ServiceName = @var.Projectid,
KubeId = ovh_cloud_project_kube.Mykube.Id,
ClientId = "xxx",
IssuerUrl = "https://ovh.com",
OidcUsernameClaim = "an-email",
OidcUsernamePrefix = "ovh:",
OidcGroupsClaims = new[]
{
"groups",
},
OidcGroupsPrefix = "ovh:",
OidcRequiredClaims = new[]
{
"claim1=val1",
},
OidcSigningAlgs = new[]
{
"RS512",
},
OidcCaContent = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ovh.CloudProject.KubeOidc;
import com.pulumi.ovh.CloudProject.KubeOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var my_oidc = new KubeOidc("my-oidc", KubeOidcArgs.builder()
.serviceName(var_.projectid())
.kubeId(ovh_cloud_project_kube.mykube().id())
.clientId("xxx")
.issuerUrl("https://ovh.com")
.oidcUsernameClaim("an-email")
.oidcUsernamePrefix("ovh:")
.oidcGroupsClaims("groups")
.oidcGroupsPrefix("ovh:")
.oidcRequiredClaims("claim1=val1")
.oidcSigningAlgs("RS512")
.oidcCaContent("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==")
.build());
}
}
resources:
my-oidc:
type: ovh:CloudProject:KubeOidc
properties:
serviceName: ${var.projectid}
kubeId: ${ovh_cloud_project_kube.mykube.id}
#required field
clientId: xxx
issuerUrl: https://ovh.com
#optional field
oidcUsernameClaim: an-email
oidcUsernamePrefix: 'ovh:'
oidcGroupsClaims:
- groups
oidcGroupsPrefix: 'ovh:'
oidcRequiredClaims:
- claim1=val1
oidcSigningAlgs:
- RS512
oidcCaContent: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lVYm9YRkZrL1hCQmdQUUI4UHlqbkttUGVWekNjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQWVGdzB5TWpFd01UUXdOalE0TlROYUZ3MHlNekV3Ck1UUXdOalE0TlROYU1FVXhDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1TRXcKSHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytPMk53bGx2QTQyT05SUHMyZWlqTUp2UHhpN21RblVSS3FrOHJEV1VkCkwzZU0yM1JXeVhtS1AydDQ5Zi9LVGsweEZNVStOSTUzTEhwWmh6N3NpK3dEUFUvWWZWSS9rQmZsRm8zeVZCMSsKZWdCSnpyNGIrQ3FoaWlCUkh0Vm5LblFKUmdvOVJjVkxhRm82UEY0N1V0UWJ2bWVuNGdERnExVkYwVHhUdnFMdwpIMzRZL0U2QUJsSlZnWFBzaWQzNm54eTErNnlKV05vRXNVekFiekpWMHhzTGhxc2hOazA0TWx4YnBhcG1XcEUxCmFFMHRIZGpjUlI3Y1dTRUUwMnRSQzNYL2tSNjBKb3MxR0N0Y0ZQTTVIN3NjOFBXNFRUem1EWWhOeDRiVjV4T28KU0xYRnI5ajBzZEgxbm1wSlI1dWxJT2dPTWV3MHA2d3JOYVV2MGpxc1hzdVdqMVpxdTRLRi81aEQ3azVhRlhKNQpjYWNTUi9mRWxreW1uZis0eHZFOG8wdkRWNFR5NHo3K3lSS1U0clZvZFNBZWZIN3lqeitLV1RRck96L0lHU2NwCmV1YTdqV0hRMDdMYWxyTjV2b0tFaU1JM3MrWjhzeUdVUGVyYXQwdzJMWlc3NnhxVGl4R002clZxUldxVlQ4L1oKQTJMMEc4WGRvNTZvV2lFYVF5RkJtRDFnMXU2UEsvTmFGVDI1L2tTNWJ1dnF5L1dLVGt0UVNhNHNZc1ZLbUlQTQp0Zys0NUZ2aFErNkRuQzd0TmVnaTZDTkdTb0w0R1dPOEE5UDZRNjE5RkJJZ1VjcGpFMTgvUHpQOEJmcTAxajhnCjZmdm1jNkVPMkxHVHhDcW1DbVp0TnI3OCtQaUxkMHZIY3pqY3E3NzhiNW5WRXRpUVNRQkUyb0ozTVlIZUFIUUkKYVFJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdId1lEVlIwagpCQmd3Rm9BVUpaMUhlVmx1U3pjY0U2NEZQYWtuNkRBWnhmSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBQlhNSlU2MjJZVFZVNnZ1K2svNnkwMGNaWlRmVnZtdVJMOXhTcWxVM0I1QmQKVWdyVWx1TmdjN2dhUUlrYzkvWmh2MnhNd0xxUldMWEhiTWx1NkNvdkNiVTVpeWt0NHVWMnl5UzlZYWhmVVRNVQo3TVE0WFRta2hoS0dGbWZBQ2QzTUVwRE55T3hmWXh0UVBwM1NZT2IxRGFKMmUwY01Gc081bytORGQ5aFVBVzFoCjFLMjMwQnZzYldYYVo4MStIdTU4U1BsYTM5R3FMTG85MzR6dEs4WkRWNFRGTVJxMnNVQ1cxcWFidDh5ejd2RzAKSGV3dXdxelRwR1lTSFI1U0ZvMm45R0xKVUN4SnhxcDlOWVJjMlhUdXRUdkJESzVPMXFZZEJaQzd6cmcxSnczawp2SjI4UGx2TzBQRE42ZVlUdElJdC9yU05ZbW56eVVNRTRYREt0di9KRitLZWZNSWxDTkpzZDRHYXVTdlo5M1NOClhINmcrNEZvRkp4UzNxRmZ0WEc4czNRNnppNzNLRzh5UHZVNHU0WmZNRGd2aG92L0V5YkNLWUpFdVVZSlJWNGEKbmc3cWh3NDBabXQ0eWNCRzU5a2tFSGhNYWtxTWpPaUNkV2x4MEVjZXIxcEFGT1pqN3o1NktURXIxa0ZwUHVaRApjVER5SnNwTjh6dm9CQ0l1ancvQjR6S3kyWStOQitRR1p3dXhyTk9mRGR6ek9yQUE1Ym9OS2gwUUh4c0RxNTExClFaU3hCR21EcGJzN2QzMUQvQll3WEhIUWdwb3FoVUU5dFBGSThpN0pkM2FyeXZCdHlnTWlxSmt1VlRFVk1Ta0UKNTZ0VnFsMjlXenFhRXNrbDN3VUlmczVKKzN3RzRPcWNxRDdXaGQxWUtnc0VUMjdFTWlqVXZIYzQ4TXE0bU1rPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
Create KubeOidc Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubeOidc(name: string, args: KubeOidcArgs, opts?: CustomResourceOptions);
@overload
def KubeOidc(resource_name: str,
args: KubeOidcArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubeOidc(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
issuer_url: Optional[str] = None,
kube_id: Optional[str] = None,
service_name: Optional[str] = None,
oidc_ca_content: Optional[str] = None,
oidc_groups_claims: Optional[Sequence[str]] = None,
oidc_groups_prefix: Optional[str] = None,
oidc_required_claims: Optional[Sequence[str]] = None,
oidc_signing_algs: Optional[Sequence[str]] = None,
oidc_username_claim: Optional[str] = None,
oidc_username_prefix: Optional[str] = None)
func NewKubeOidc(ctx *Context, name string, args KubeOidcArgs, opts ...ResourceOption) (*KubeOidc, error)
public KubeOidc(string name, KubeOidcArgs args, CustomResourceOptions? opts = null)
public KubeOidc(String name, KubeOidcArgs args)
public KubeOidc(String name, KubeOidcArgs args, CustomResourceOptions options)
type: ovh:CloudProject:KubeOidc
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubeOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubeOidcArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubeOidcArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubeOidcArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubeOidcArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kubeOidcResource = new Ovh.CloudProject.KubeOidc("kubeOidcResource", new()
{
ClientId = "string",
IssuerUrl = "string",
KubeId = "string",
ServiceName = "string",
OidcCaContent = "string",
OidcGroupsClaims = new[]
{
"string",
},
OidcGroupsPrefix = "string",
OidcRequiredClaims = new[]
{
"string",
},
OidcSigningAlgs = new[]
{
"string",
},
OidcUsernameClaim = "string",
OidcUsernamePrefix = "string",
});
example, err := CloudProject.NewKubeOidc(ctx, "kubeOidcResource", &CloudProject.KubeOidcArgs{
ClientId: pulumi.String("string"),
IssuerUrl: pulumi.String("string"),
KubeId: pulumi.String("string"),
ServiceName: pulumi.String("string"),
OidcCaContent: pulumi.String("string"),
OidcGroupsClaims: pulumi.StringArray{
pulumi.String("string"),
},
OidcGroupsPrefix: pulumi.String("string"),
OidcRequiredClaims: pulumi.StringArray{
pulumi.String("string"),
},
OidcSigningAlgs: pulumi.StringArray{
pulumi.String("string"),
},
OidcUsernameClaim: pulumi.String("string"),
OidcUsernamePrefix: pulumi.String("string"),
})
var kubeOidcResource = new KubeOidc("kubeOidcResource", KubeOidcArgs.builder()
.clientId("string")
.issuerUrl("string")
.kubeId("string")
.serviceName("string")
.oidcCaContent("string")
.oidcGroupsClaims("string")
.oidcGroupsPrefix("string")
.oidcRequiredClaims("string")
.oidcSigningAlgs("string")
.oidcUsernameClaim("string")
.oidcUsernamePrefix("string")
.build());
kube_oidc_resource = ovh.cloud_project.KubeOidc("kubeOidcResource",
client_id="string",
issuer_url="string",
kube_id="string",
service_name="string",
oidc_ca_content="string",
oidc_groups_claims=["string"],
oidc_groups_prefix="string",
oidc_required_claims=["string"],
oidc_signing_algs=["string"],
oidc_username_claim="string",
oidc_username_prefix="string")
const kubeOidcResource = new ovh.cloudproject.KubeOidc("kubeOidcResource", {
clientId: "string",
issuerUrl: "string",
kubeId: "string",
serviceName: "string",
oidcCaContent: "string",
oidcGroupsClaims: ["string"],
oidcGroupsPrefix: "string",
oidcRequiredClaims: ["string"],
oidcSigningAlgs: ["string"],
oidcUsernameClaim: "string",
oidcUsernamePrefix: "string",
});
type: ovh:CloudProject:KubeOidc
properties:
clientId: string
issuerUrl: string
kubeId: string
oidcCaContent: string
oidcGroupsClaims:
- string
oidcGroupsPrefix: string
oidcRequiredClaims:
- string
oidcSigningAlgs:
- string
oidcUsernameClaim: string
oidcUsernamePrefix: string
serviceName: string
KubeOidc Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubeOidc resource accepts the following input properties:
- Client
Id string - The OIDC client ID.
- Issuer
Url string - The OIDC issuer url.
- Kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- Service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - Oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- Oidc
Groups List<string>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- Oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - Oidc
Required List<string>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - Oidc
Signing List<string>Algs - Array of signing algorithms accepted. Default is
RS256
. - Oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- Oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
- Client
Id string - The OIDC client ID.
- Issuer
Url string - The OIDC issuer url.
- Kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- Service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - Oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- Oidc
Groups []stringClaims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- Oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - Oidc
Required []stringClaims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - Oidc
Signing []stringAlgs - Array of signing algorithms accepted. Default is
RS256
. - Oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- Oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
- client
Id String - The OIDC client ID.
- issuer
Url String - The OIDC issuer url.
- kube
Id String - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- service
Name String - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - oidc
Ca StringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups List<String>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups StringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required List<String>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing List<String>Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username StringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username StringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
- client
Id string - The OIDC client ID.
- issuer
Url string - The OIDC issuer url.
- kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups string[]Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required string[]Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing string[]Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
- client_
id str - The OIDC client ID.
- issuer_
url str - The OIDC issuer url.
- kube_
id str - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- service_
name str - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - oidc_
ca_ strcontent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc_
groups_ Sequence[str]claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc_
groups_ strprefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc_
required_ Sequence[str]claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc_
signing_ Sequence[str]algs - Array of signing algorithms accepted. Default is
RS256
. - oidc_
username_ strclaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc_
username_ strprefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
- client
Id String - The OIDC client ID.
- issuer
Url String - The OIDC issuer url.
- kube
Id String - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- service
Name String - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource. - oidc
Ca StringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups List<String>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups StringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required List<String>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing List<String>Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username StringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username StringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubeOidc resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KubeOidc Resource
Get an existing KubeOidc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubeOidcState, opts?: CustomResourceOptions): KubeOidc
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
issuer_url: Optional[str] = None,
kube_id: Optional[str] = None,
oidc_ca_content: Optional[str] = None,
oidc_groups_claims: Optional[Sequence[str]] = None,
oidc_groups_prefix: Optional[str] = None,
oidc_required_claims: Optional[Sequence[str]] = None,
oidc_signing_algs: Optional[Sequence[str]] = None,
oidc_username_claim: Optional[str] = None,
oidc_username_prefix: Optional[str] = None,
service_name: Optional[str] = None) -> KubeOidc
func GetKubeOidc(ctx *Context, name string, id IDInput, state *KubeOidcState, opts ...ResourceOption) (*KubeOidc, error)
public static KubeOidc Get(string name, Input<string> id, KubeOidcState? state, CustomResourceOptions? opts = null)
public static KubeOidc get(String name, Output<String> id, KubeOidcState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Client
Id string - The OIDC client ID.
- Issuer
Url string - The OIDC issuer url.
- Kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- Oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- Oidc
Groups List<string>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- Oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - Oidc
Required List<string>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - Oidc
Signing List<string>Algs - Array of signing algorithms accepted. Default is
RS256
. - Oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- Oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - Service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
- Client
Id string - The OIDC client ID.
- Issuer
Url string - The OIDC issuer url.
- Kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- Oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- Oidc
Groups []stringClaims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- Oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - Oidc
Required []stringClaims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - Oidc
Signing []stringAlgs - Array of signing algorithms accepted. Default is
RS256
. - Oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- Oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - Service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
- client
Id String - The OIDC client ID.
- issuer
Url String - The OIDC issuer url.
- kube
Id String - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- oidc
Ca StringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups List<String>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups StringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required List<String>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing List<String>Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username StringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username StringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - service
Name String - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
- client
Id string - The OIDC client ID.
- issuer
Url string - The OIDC issuer url.
- kube
Id string - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- oidc
Ca stringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups string[]Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups stringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required string[]Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing string[]Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username stringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username stringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - service
Name string - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
- client_
id str - The OIDC client ID.
- issuer_
url str - The OIDC issuer url.
- kube_
id str - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- oidc_
ca_ strcontent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc_
groups_ Sequence[str]claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc_
groups_ strprefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc_
required_ Sequence[str]claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc_
signing_ Sequence[str]algs - Array of signing algorithms accepted. Default is
RS256
. - oidc_
username_ strclaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc_
username_ strprefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - service_
name str - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
- client
Id String - The OIDC client ID.
- issuer
Url String - The OIDC issuer url.
- kube
Id String - The ID of the managed kubernetes cluster. Changing this value recreates the resource.
- oidc
Ca StringContent - Content of the certificate for the CA, in Base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs.
- oidc
Groups List<String>Claims - Array of JWT claim to use as the user's group. If the claim is present it must be an array of strings.
- oidc
Groups StringPrefix - Prefix prepended to group claims to prevent clashes with existing names (such as
system:groups
). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
. - oidc
Required List<String>Claims - Array of
key=value
pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value." - oidc
Signing List<String>Algs - Array of signing algorithms accepted. Default is
RS256
. - oidc
Username StringClaim - JWT claim to use as the username. By default, sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.
- oidc
Username StringPrefix - Prefix prepended to username claims to prevent clashes with existing names (such as
system:users
). For example, the valueoidc:
will create usernames likeoidc:jane.doe
. If this field isn't set andoidc_username_claim
is a value other than email the prefix defaults toissuer_url
whereissuer_url
is the value ofissuer_url.
The value - can be used to disable all prefixing. - service
Name String - The ID of the public cloud project. If omitted, the
OVH_CLOUD_PROJECT_SERVICE
environment variable is used. Changing this value recreates the resource.
Import
OVHcloud Managed Kubernetes Service cluster OIDC can be imported using the tenant service_name
and cluster id kube_id
separated by “/” E.g.,
bash
$ pulumi import ovh:CloudProject/kubeOidc:KubeOidc my-oidc service_name/kube_id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ovh ovh/pulumi-ovh
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ovh
Terraform Provider.