HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi
vault.identity.getOidcOpenidConfig
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const key = new vault.identity.OidcKey("key", {
name: "key",
allowedClientIds: ["*"],
rotationPeriod: 3600,
verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
name: "application",
key: key.name,
redirectUris: [
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
idTokenTtl: 2400,
accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {
name: "provider",
allowedClientIds: [test.clientId],
});
const config = vault.identity.getOidcOpenidConfigOutput({
name: provider.name,
});
import pulumi
import pulumi_vault as vault
key = vault.identity.OidcKey("key",
name="key",
allowed_client_ids=["*"],
rotation_period=3600,
verification_ttl=3600)
app = vault.identity.OidcClient("app",
name="application",
key=key.name,
redirect_uris=[
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
],
id_token_ttl=2400,
access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider",
name="provider",
allowed_client_ids=[test["clientId"]])
config = vault.identity.get_oidc_openid_config_output(name=provider.name)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
Name: pulumi.String("key"),
AllowedClientIds: pulumi.StringArray{
pulumi.String("*"),
},
RotationPeriod: pulumi.Int(3600),
VerificationTtl: pulumi.Int(3600),
})
if err != nil {
return err
}
_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
Name: pulumi.String("application"),
Key: key.Name,
RedirectUris: pulumi.StringArray{
pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
pulumi.String("http://127.0.0.1:8251/callback"),
pulumi.String("http://127.0.0.1:8080/callback"),
},
IdTokenTtl: pulumi.Int(2400),
AccessTokenTtl: pulumi.Int(7200),
})
if err != nil {
return err
}
provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
Name: pulumi.String("provider"),
AllowedClientIds: pulumi.StringArray{
test.ClientId,
},
})
if err != nil {
return err
}
_ = identity.GetOidcOpenidConfigOutput(ctx, identity.GetOidcOpenidConfigOutputArgs{
Name: provider.Name,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var key = new Vault.Identity.OidcKey("key", new()
{
Name = "key",
AllowedClientIds = new[]
{
"*",
},
RotationPeriod = 3600,
VerificationTtl = 3600,
});
var app = new Vault.Identity.OidcClient("app", new()
{
Name = "application",
Key = key.Name,
RedirectUris = new[]
{
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback",
},
IdTokenTtl = 2400,
AccessTokenTtl = 7200,
});
var provider = new Vault.Identity.OidcProvider("provider", new()
{
Name = "provider",
AllowedClientIds = new[]
{
test.ClientId,
},
});
var config = Vault.Identity.GetOidcOpenidConfig.Invoke(new()
{
Name = provider.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcOpenidConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new OidcKey("key", OidcKeyArgs.builder()
.name("key")
.allowedClientIds("*")
.rotationPeriod(3600)
.verificationTtl(3600)
.build());
var app = new OidcClient("app", OidcClientArgs.builder()
.name("application")
.key(key.name())
.redirectUris(
"http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
"http://127.0.0.1:8251/callback",
"http://127.0.0.1:8080/callback")
.idTokenTtl(2400)
.accessTokenTtl(7200)
.build());
var provider = new OidcProvider("provider", OidcProviderArgs.builder()
.name("provider")
.allowedClientIds(test.clientId())
.build());
final var config = IdentityFunctions.getOidcOpenidConfig(GetOidcOpenidConfigArgs.builder()
.name(provider.name())
.build());
}
}
resources:
key:
type: vault:identity:OidcKey
properties:
name: key
allowedClientIds:
- '*'
rotationPeriod: 3600
verificationTtl: 3600
app:
type: vault:identity:OidcClient
properties:
name: application
key: ${key.name}
redirectUris:
- http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
- http://127.0.0.1:8251/callback
- http://127.0.0.1:8080/callback
idTokenTtl: 2400
accessTokenTtl: 7200
provider:
type: vault:identity:OidcProvider
properties:
name: provider
allowedClientIds:
- ${test.clientId}
variables:
config:
fn::invoke:
Function: vault:identity:getOidcOpenidConfig
Arguments:
name: ${provider.name}
Using getOidcOpenidConfig
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOidcOpenidConfig(args: GetOidcOpenidConfigArgs, opts?: InvokeOptions): Promise<GetOidcOpenidConfigResult>
function getOidcOpenidConfigOutput(args: GetOidcOpenidConfigOutputArgs, opts?: InvokeOptions): Output<GetOidcOpenidConfigResult>
def get_oidc_openid_config(name: Optional[str] = None,
namespace: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetOidcOpenidConfigResult
def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetOidcOpenidConfigResult]
func GetOidcOpenidConfig(ctx *Context, args *GetOidcOpenidConfigArgs, opts ...InvokeOption) (*GetOidcOpenidConfigResult, error)
func GetOidcOpenidConfigOutput(ctx *Context, args *GetOidcOpenidConfigOutputArgs, opts ...InvokeOption) GetOidcOpenidConfigResultOutput
> Note: This function is named GetOidcOpenidConfig
in the Go SDK.
public static class GetOidcOpenidConfig
{
public static Task<GetOidcOpenidConfigResult> InvokeAsync(GetOidcOpenidConfigArgs args, InvokeOptions? opts = null)
public static Output<GetOidcOpenidConfigResult> Invoke(GetOidcOpenidConfigInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:identity/getOidcOpenidConfig:getOidcOpenidConfig
arguments:
# arguments dictionary
The following arguments are supported:
getOidcOpenidConfig Result
The following output properties are available:
- string
- The Authorization Endpoint for the provider.
- Grant
Types List<string>Supporteds - The grant types supported by the provider.
- Id string
- The provider-assigned unique ID for this managed resource.
- Id
Token List<string>Signing Alg Values Supporteds - The signing algorithms supported by the provider.
- Issuer string
- The URL of the issuer for the provider.
- Jwks
Uri string - The well known keys URI for the provider.
- Name string
- Request
Uri boolParameter Supported - Specifies whether Request URI Parameter is supported by the provider.
- Response
Types List<string>Supporteds - The response types supported by the provider.
- Scopes
Supporteds List<string> - The scopes supported by the provider.
- Subject
Types List<string>Supporteds - The subject types supported by the provider.
- Token
Endpoint string - The Token Endpoint for the provider.
- Token
Endpoint List<string>Auth Methods Supporteds - The token endpoint auth methods supported by the provider.
- Userinfo
Endpoint string - The User Info Endpoint for the provider
- Namespace string
- string
- The Authorization Endpoint for the provider.
- Grant
Types []stringSupporteds - The grant types supported by the provider.
- Id string
- The provider-assigned unique ID for this managed resource.
- Id
Token []stringSigning Alg Values Supporteds - The signing algorithms supported by the provider.
- Issuer string
- The URL of the issuer for the provider.
- Jwks
Uri string - The well known keys URI for the provider.
- Name string
- Request
Uri boolParameter Supported - Specifies whether Request URI Parameter is supported by the provider.
- Response
Types []stringSupporteds - The response types supported by the provider.
- Scopes
Supporteds []string - The scopes supported by the provider.
- Subject
Types []stringSupporteds - The subject types supported by the provider.
- Token
Endpoint string - The Token Endpoint for the provider.
- Token
Endpoint []stringAuth Methods Supporteds - The token endpoint auth methods supported by the provider.
- Userinfo
Endpoint string - The User Info Endpoint for the provider
- Namespace string
- String
- The Authorization Endpoint for the provider.
- grant
Types List<String>Supporteds - The grant types supported by the provider.
- id String
- The provider-assigned unique ID for this managed resource.
- id
Token List<String>Signing Alg Values Supporteds - The signing algorithms supported by the provider.
- issuer String
- The URL of the issuer for the provider.
- jwks
Uri String - The well known keys URI for the provider.
- name String
- request
Uri BooleanParameter Supported - Specifies whether Request URI Parameter is supported by the provider.
- response
Types List<String>Supporteds - The response types supported by the provider.
- scopes
Supporteds List<String> - The scopes supported by the provider.
- subject
Types List<String>Supporteds - The subject types supported by the provider.
- token
Endpoint String - The Token Endpoint for the provider.
- token
Endpoint List<String>Auth Methods Supporteds - The token endpoint auth methods supported by the provider.
- userinfo
Endpoint String - The User Info Endpoint for the provider
- namespace String
- string
- The Authorization Endpoint for the provider.
- grant
Types string[]Supporteds - The grant types supported by the provider.
- id string
- The provider-assigned unique ID for this managed resource.
- id
Token string[]Signing Alg Values Supporteds - The signing algorithms supported by the provider.
- issuer string
- The URL of the issuer for the provider.
- jwks
Uri string - The well known keys URI for the provider.
- name string
- request
Uri booleanParameter Supported - Specifies whether Request URI Parameter is supported by the provider.
- response
Types string[]Supporteds - The response types supported by the provider.
- scopes
Supporteds string[] - The scopes supported by the provider.
- subject
Types string[]Supporteds - The subject types supported by the provider.
- token
Endpoint string - The Token Endpoint for the provider.
- token
Endpoint string[]Auth Methods Supporteds - The token endpoint auth methods supported by the provider.
- userinfo
Endpoint string - The User Info Endpoint for the provider
- namespace string
- str
- The Authorization Endpoint for the provider.
- grant_
types_ Sequence[str]supporteds - The grant types supported by the provider.
- id str
- The provider-assigned unique ID for this managed resource.
- id_
token_ Sequence[str]signing_ alg_ values_ supporteds - The signing algorithms supported by the provider.
- issuer str
- The URL of the issuer for the provider.
- jwks_
uri str - The well known keys URI for the provider.
- name str
- request_
uri_ boolparameter_ supported - Specifies whether Request URI Parameter is supported by the provider.
- response_
types_ Sequence[str]supporteds - The response types supported by the provider.
- scopes_
supporteds Sequence[str] - The scopes supported by the provider.
- subject_
types_ Sequence[str]supporteds - The subject types supported by the provider.
- token_
endpoint str - The Token Endpoint for the provider.
- token_
endpoint_ Sequence[str]auth_ methods_ supporteds - The token endpoint auth methods supported by the provider.
- userinfo_
endpoint str - The User Info Endpoint for the provider
- namespace str
- String
- The Authorization Endpoint for the provider.
- grant
Types List<String>Supporteds - The grant types supported by the provider.
- id String
- The provider-assigned unique ID for this managed resource.
- id
Token List<String>Signing Alg Values Supporteds - The signing algorithms supported by the provider.
- issuer String
- The URL of the issuer for the provider.
- jwks
Uri String - The well known keys URI for the provider.
- name String
- request
Uri BooleanParameter Supported - Specifies whether Request URI Parameter is supported by the provider.
- response
Types List<String>Supporteds - The response types supported by the provider.
- scopes
Supporteds List<String> - The scopes supported by the provider.
- subject
Types List<String>Supporteds - The subject types supported by the provider.
- token
Endpoint String - The Token Endpoint for the provider.
- token
Endpoint List<String>Auth Methods Supporteds - The token endpoint auth methods supported by the provider.
- userinfo
Endpoint String - The User Info Endpoint for the provider
- namespace String
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.