1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. identity
  5. getOidcPublicKeys
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.identity.getOidcPublicKeys

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const key = new vault.identity.OidcKey("key", {
        name: "key",
        allowedClientIds: ["*"],
        rotationPeriod: 3600,
        verificationTtl: 3600,
    });
    const app = new vault.identity.OidcClient("app", {
        name: "application",
        key: key.name,
        redirectUris: [
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        idTokenTtl: 2400,
        accessTokenTtl: 7200,
    });
    const provider = new vault.identity.OidcProvider("provider", {
        name: "provider",
        allowedClientIds: [test.clientId],
    });
    const publicKeys = vault.identity.getOidcPublicKeysOutput({
        name: provider.name,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    key = vault.identity.OidcKey("key",
        name="key",
        allowed_client_ids=["*"],
        rotation_period=3600,
        verification_ttl=3600)
    app = vault.identity.OidcClient("app",
        name="application",
        key=key.name,
        redirect_uris=[
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        ],
        id_token_ttl=2400,
        access_token_ttl=7200)
    provider = vault.identity.OidcProvider("provider",
        name="provider",
        allowed_client_ids=[test["clientId"]])
    public_keys = vault.identity.get_oidc_public_keys_output(name=provider.name)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
    			Name: pulumi.String("key"),
    			AllowedClientIds: pulumi.StringArray{
    				pulumi.String("*"),
    			},
    			RotationPeriod:  pulumi.Int(3600),
    			VerificationTtl: pulumi.Int(3600),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
    			Name: pulumi.String("application"),
    			Key:  key.Name,
    			RedirectUris: pulumi.StringArray{
    				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
    				pulumi.String("http://127.0.0.1:8251/callback"),
    				pulumi.String("http://127.0.0.1:8080/callback"),
    			},
    			IdTokenTtl:     pulumi.Int(2400),
    			AccessTokenTtl: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
    			Name: pulumi.String("provider"),
    			AllowedClientIds: pulumi.StringArray{
    				test.ClientId,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_ = identity.GetOidcPublicKeysOutput(ctx, identity.GetOidcPublicKeysOutputArgs{
    			Name: provider.Name,
    		}, nil)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var key = new Vault.Identity.OidcKey("key", new()
        {
            Name = "key",
            AllowedClientIds = new[]
            {
                "*",
            },
            RotationPeriod = 3600,
            VerificationTtl = 3600,
        });
    
        var app = new Vault.Identity.OidcClient("app", new()
        {
            Name = "application",
            Key = key.Name,
            RedirectUris = new[]
            {
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback",
            },
            IdTokenTtl = 2400,
            AccessTokenTtl = 7200,
        });
    
        var provider = new Vault.Identity.OidcProvider("provider", new()
        {
            Name = "provider",
            AllowedClientIds = new[]
            {
                test.ClientId,
            },
        });
    
        var publicKeys = Vault.Identity.GetOidcPublicKeys.Invoke(new()
        {
            Name = provider.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.identity.OidcKey;
    import com.pulumi.vault.identity.OidcKeyArgs;
    import com.pulumi.vault.identity.OidcClient;
    import com.pulumi.vault.identity.OidcClientArgs;
    import com.pulumi.vault.identity.OidcProvider;
    import com.pulumi.vault.identity.OidcProviderArgs;
    import com.pulumi.vault.identity.IdentityFunctions;
    import com.pulumi.vault.identity.inputs.GetOidcPublicKeysArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var key = new OidcKey("key", OidcKeyArgs.builder()
                .name("key")
                .allowedClientIds("*")
                .rotationPeriod(3600)
                .verificationTtl(3600)
                .build());
    
            var app = new OidcClient("app", OidcClientArgs.builder()
                .name("application")
                .key(key.name())
                .redirectUris(            
                    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                    "http://127.0.0.1:8251/callback",
                    "http://127.0.0.1:8080/callback")
                .idTokenTtl(2400)
                .accessTokenTtl(7200)
                .build());
    
            var provider = new OidcProvider("provider", OidcProviderArgs.builder()
                .name("provider")
                .allowedClientIds(test.clientId())
                .build());
    
            final var publicKeys = IdentityFunctions.getOidcPublicKeys(GetOidcPublicKeysArgs.builder()
                .name(provider.name())
                .build());
    
        }
    }
    
    resources:
      key:
        type: vault:identity:OidcKey
        properties:
          name: key
          allowedClientIds:
            - '*'
          rotationPeriod: 3600
          verificationTtl: 3600
      app:
        type: vault:identity:OidcClient
        properties:
          name: application
          key: ${key.name}
          redirectUris:
            - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
            - http://127.0.0.1:8251/callback
            - http://127.0.0.1:8080/callback
          idTokenTtl: 2400
          accessTokenTtl: 7200
      provider:
        type: vault:identity:OidcProvider
        properties:
          name: provider
          allowedClientIds:
            - ${test.clientId}
    variables:
      publicKeys:
        fn::invoke:
          Function: vault:identity:getOidcPublicKeys
          Arguments:
            name: ${provider.name}
    

    Using getOidcPublicKeys

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getOidcPublicKeys(args: GetOidcPublicKeysArgs, opts?: InvokeOptions): Promise<GetOidcPublicKeysResult>
    function getOidcPublicKeysOutput(args: GetOidcPublicKeysOutputArgs, opts?: InvokeOptions): Output<GetOidcPublicKeysResult>
    def get_oidc_public_keys(name: Optional[str] = None,
                             namespace: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetOidcPublicKeysResult
    def get_oidc_public_keys_output(name: Optional[pulumi.Input[str]] = None,
                             namespace: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetOidcPublicKeysResult]
    func GetOidcPublicKeys(ctx *Context, args *GetOidcPublicKeysArgs, opts ...InvokeOption) (*GetOidcPublicKeysResult, error)
    func GetOidcPublicKeysOutput(ctx *Context, args *GetOidcPublicKeysOutputArgs, opts ...InvokeOption) GetOidcPublicKeysResultOutput

    > Note: This function is named GetOidcPublicKeys in the Go SDK.

    public static class GetOidcPublicKeys 
    {
        public static Task<GetOidcPublicKeysResult> InvokeAsync(GetOidcPublicKeysArgs args, InvokeOptions? opts = null)
        public static Output<GetOidcPublicKeysResult> Invoke(GetOidcPublicKeysInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetOidcPublicKeysResult> getOidcPublicKeys(GetOidcPublicKeysArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:identity/getOidcPublicKeys:getOidcPublicKeys
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Name string
    The name of the OIDC Provider in Vault.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Name string
    The name of the OIDC Provider in Vault.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name String
    The name of the OIDC Provider in Vault.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name string
    The name of the OIDC Provider in Vault.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name str
    The name of the OIDC Provider in Vault.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    name String
    The name of the OIDC Provider in Vault.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    getOidcPublicKeys Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    Keys List<ImmutableDictionary<string, string>>
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    Name string
    Namespace string
    Id string
    The provider-assigned unique ID for this managed resource.
    Keys []map[string]string
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    Name string
    Namespace string
    id String
    The provider-assigned unique ID for this managed resource.
    keys List<Map<String,String>>
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    name String
    namespace String
    id string
    The provider-assigned unique ID for this managed resource.
    keys {[key: string]: string}[]
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    name string
    namespace string
    id str
    The provider-assigned unique ID for this managed resource.
    keys Sequence[Mapping[str, str]]
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    name str
    namespace str
    id String
    The provider-assigned unique ID for this managed resource.
    keys List<Map<String>>
    The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.
    name String
    namespace String

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi