Pulumi Cloud v0.29.0, Jan 21 25

This provider is currently in preview.

Pulumi Cloud v0.29.0 published on Tuesday, Jan 21, 2025 by Pulumi

pulumi/pulumi-pulumiservice

pulumiservice.OidcIssuer

Explore with Pulumi AI

This provider is currently in preview.

Pulumi Cloud v0.29.0 published on Tuesday, Jan 21, 2025 by Pulumi

pulumi/pulumi-pulumiservice

Create OidcIssuer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OidcIssuer(name: string, args: OidcIssuerArgs, opts?: CustomResourceOptions);

@overload
def OidcIssuer(resource_name: str,
               args: OidcIssuerArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def OidcIssuer(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               name: Optional[str] = None,
               organization: Optional[str] = None,
               url: Optional[str] = None,
               max_expiration_seconds: Optional[int] = None,
               policies: Optional[Sequence[AuthPolicyDefinitionArgs]] = None,
               thumbprints: Optional[Sequence[str]] = None)

func NewOidcIssuer(ctx *Context, name string, args OidcIssuerArgs, opts ...ResourceOption) (*OidcIssuer, error)

public OidcIssuer(string name, OidcIssuerArgs args, CustomResourceOptions? opts = null)

public OidcIssuer(String name, OidcIssuerArgs args)
public OidcIssuer(String name, OidcIssuerArgs args, CustomResourceOptions options)

type: pulumiservice:OidcIssuer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OidcIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OidcIssuerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OidcIssuerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OidcIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OidcIssuerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var oidcIssuerResource = new PulumiService.OidcIssuer("oidcIssuerResource", new()
{
    Name = "string",
    Organization = "string",
    Url = "string",
    MaxExpirationSeconds = 0,
    Policies = new[]
    {
        new PulumiService.Inputs.AuthPolicyDefinitionArgs
        {
            Decision = PulumiService.AuthPolicyDecision.Deny,
            Rules = 
            {
                { "string", "string" },
            },
            TokenType = PulumiService.AuthPolicyTokenType.Personal,
            AuthorizedPermissions = new[]
            {
                PulumiService.AuthPolicyPermissionLevel.Standard,
            },
            RunnerID = "string",
            TeamName = "string",
            UserLogin = "string",
        },
    },
    Thumbprints = new[]
    {
        "string",
    },
});

example, err := pulumiservice.NewOidcIssuer(ctx, "oidcIssuerResource", &pulumiservice.OidcIssuerArgs{
	Name:                 pulumi.String("string"),
	Organization:         pulumi.String("string"),
	Url:                  pulumi.String("string"),
	MaxExpirationSeconds: pulumi.Int(0),
	Policies: pulumiservice.AuthPolicyDefinitionArray{
		&pulumiservice.AuthPolicyDefinitionArgs{
			Decision: pulumiservice.AuthPolicyDecisionDeny,
			Rules: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
			TokenType: pulumiservice.AuthPolicyTokenTypePersonal,
			AuthorizedPermissions: pulumiservice.AuthPolicyPermissionLevelArray{
				pulumiservice.AuthPolicyPermissionLevelStandard,
			},
			RunnerID:  pulumi.String("string"),
			TeamName:  pulumi.String("string"),
			UserLogin: pulumi.String("string"),
		},
	},
	Thumbprints: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var oidcIssuerResource = new OidcIssuer("oidcIssuerResource", OidcIssuerArgs.builder()
    .name("string")
    .organization("string")
    .url("string")
    .maxExpirationSeconds(0)
    .policies(AuthPolicyDefinitionArgs.builder()
        .decision("deny")
        .rules(Map.of("string", "string"))
        .tokenType("personal")
        .authorizedPermissions("standard")
        .runnerID("string")
        .teamName("string")
        .userLogin("string")
        .build())
    .thumbprints("string")
    .build());

oidc_issuer_resource = pulumiservice.OidcIssuer("oidcIssuerResource",
    name="string",
    organization="string",
    url="string",
    max_expiration_seconds=0,
    policies=[{
        "decision": pulumiservice.AuthPolicyDecision.DENY,
        "rules": {
            "string": "string",
        },
        "token_type": pulumiservice.AuthPolicyTokenType.PERSONAL,
        "authorized_permissions": [pulumiservice.AuthPolicyPermissionLevel.STANDARD],
        "runner_id": "string",
        "team_name": "string",
        "user_login": "string",
    }],
    thumbprints=["string"])

const oidcIssuerResource = new pulumiservice.OidcIssuer("oidcIssuerResource", {
    name: "string",
    organization: "string",
    url: "string",
    maxExpirationSeconds: 0,
    policies: [{
        decision: pulumiservice.AuthPolicyDecision.Deny,
        rules: {
            string: "string",
        },
        tokenType: pulumiservice.AuthPolicyTokenType.Personal,
        authorizedPermissions: [pulumiservice.AuthPolicyPermissionLevel.Standard],
        runnerID: "string",
        teamName: "string",
        userLogin: "string",
    }],
    thumbprints: ["string"],
});

type: pulumiservice:OidcIssuer
properties:
    maxExpirationSeconds: 0
    name: string
    organization: string
    policies:
        - authorizedPermissions:
            - standard
          decision: deny
          rules:
            string: string
          runnerID: string
          teamName: string
          tokenType: personal
          userLogin: string
    thumbprints:
        - string
    url: string

OidcIssuer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The OidcIssuer resource accepts the following input properties:

Name string: Issuer name.
Organization string: Organization name.
Url string: The OIDC issuer URL.
MaxExpirationSeconds int: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
Policies List<Pulumi.PulumiService.Inputs.AuthPolicyDefinition>: The auth policies for this Oidc Issuer.
Thumbprints List<string>: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

Name string: Issuer name.
Organization string: Organization name.
Url string: The OIDC issuer URL.
MaxExpirationSeconds int: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
Policies []AuthPolicyDefinitionArgs: The auth policies for this Oidc Issuer.
Thumbprints []string: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

name String: Issuer name.
organization String: Organization name.
url String: The OIDC issuer URL.
maxExpirationSeconds Integer: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
policies List<AuthPolicyDefinition>: The auth policies for this Oidc Issuer.
thumbprints List<String>: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

name string: Issuer name.
organization string: Organization name.
url string: The OIDC issuer URL.
maxExpirationSeconds number: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
policies AuthPolicyDefinition[]: The auth policies for this Oidc Issuer.
thumbprints string[]: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

name str: Issuer name.
organization str: Organization name.
url str: The OIDC issuer URL.
max_expiration_seconds int: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
policies Sequence[AuthPolicyDefinitionArgs]: The auth policies for this Oidc Issuer.
thumbprints Sequence[str]: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

name String: Issuer name.
organization String: Organization name.
url String: The OIDC issuer URL.
maxExpirationSeconds Number: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
policies List<Property Map>: The auth policies for this Oidc Issuer.
thumbprints List<String>: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.

Outputs

All input properties are implicitly available as output properties. Additionally, the OidcIssuer resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Supporting Types

AuthPolicyDecision, AuthPolicyDecisionArgs

Deny: denyA deny rule for Oidc Issuer Policy.
Allow: allowAn allow rule for Oidc Issuer Policy.

AuthPolicyDecisionDeny: denyA deny rule for Oidc Issuer Policy.
AuthPolicyDecisionAllow: allowAn allow rule for Oidc Issuer Policy.

Deny: denyA deny rule for Oidc Issuer Policy.
Allow: allowAn allow rule for Oidc Issuer Policy.

Deny: denyA deny rule for Oidc Issuer Policy.
Allow: allowAn allow rule for Oidc Issuer Policy.

DENY: denyA deny rule for Oidc Issuer Policy.
ALLOW: allowAn allow rule for Oidc Issuer Policy.

"deny": denyA deny rule for Oidc Issuer Policy.
"allow": allowAn allow rule for Oidc Issuer Policy.

AuthPolicyDefinition, AuthPolicyDefinitionArgs

Decision Pulumi.PulumiService.AuthPolicyDecision: The rule type of this policy definition
Rules Dictionary<string, string>: OIDC rules to set for this policy.
TokenType Pulumi.PulumiService.AuthPolicyTokenType: The token type for this policy definition
AuthorizedPermissions List<Pulumi.PulumiService.AuthPolicyPermissionLevel>: The permission level for organization tokens.
RunnerID string: The runner ID for deployment runner tokens.
TeamName string: The team name for team tokens.
UserLogin string: The user login for personal tokens.

Decision AuthPolicyDecision: The rule type of this policy definition
Rules map[string]string: OIDC rules to set for this policy.
TokenType AuthPolicyTokenType: The token type for this policy definition
AuthorizedPermissions []AuthPolicyPermissionLevel: The permission level for organization tokens.
RunnerID string: The runner ID for deployment runner tokens.
TeamName string: The team name for team tokens.
UserLogin string: The user login for personal tokens.

decision AuthPolicyDecision: The rule type of this policy definition
rules Map<String,String>: OIDC rules to set for this policy.
tokenType AuthPolicyTokenType: The token type for this policy definition
authorizedPermissions List<AuthPolicyPermissionLevel>: The permission level for organization tokens.
runnerID String: The runner ID for deployment runner tokens.
teamName String: The team name for team tokens.
userLogin String: The user login for personal tokens.

decision AuthPolicyDecision: The rule type of this policy definition
rules {[key: string]: string}: OIDC rules to set for this policy.
tokenType AuthPolicyTokenType: The token type for this policy definition
authorizedPermissions AuthPolicyPermissionLevel[]: The permission level for organization tokens.
runnerID string: The runner ID for deployment runner tokens.
teamName string: The team name for team tokens.
userLogin string: The user login for personal tokens.

decision AuthPolicyDecision: The rule type of this policy definition
rules Mapping[str, str]: OIDC rules to set for this policy.
token_type AuthPolicyTokenType: The token type for this policy definition
authorized_permissions Sequence[AuthPolicyPermissionLevel]: The permission level for organization tokens.
runner_id str: The runner ID for deployment runner tokens.
team_name str: The team name for team tokens.
user_login str: The user login for personal tokens.

decision "deny" | "allow": The rule type of this policy definition
rules Map<String>: OIDC rules to set for this policy.
tokenType "personal" | "team" | "organization" | "runner": The token type for this policy definition
authorizedPermissions List<"standard" | "admin">: The permission level for organization tokens.
runnerID String: The runner ID for deployment runner tokens.
teamName String: The team name for team tokens.
userLogin String: The user login for personal tokens.

AuthPolicyPermissionLevel, AuthPolicyPermissionLevelArgs

Standard: standardStandard level of permissions.
Admin: adminAdmin level of permissions.

AuthPolicyPermissionLevelStandard: standardStandard level of permissions.
AuthPolicyPermissionLevelAdmin: adminAdmin level of permissions.

Standard: standardStandard level of permissions.
Admin: adminAdmin level of permissions.

Standard: standardStandard level of permissions.
Admin: adminAdmin level of permissions.

STANDARD: standardStandard level of permissions.
ADMIN: adminAdmin level of permissions.

"standard": standardStandard level of permissions.
"admin": adminAdmin level of permissions.

AuthPolicyTokenType, AuthPolicyTokenTypeArgs

Personal: personalPersonal Pulumi token. Requires userLogin field to be filled.
Team: teamTeam Pulumi token. Requires teamName field to be filled.
Organization: organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
Runner: runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

AuthPolicyTokenTypePersonal: personalPersonal Pulumi token. Requires userLogin field to be filled.
AuthPolicyTokenTypeTeam: teamTeam Pulumi token. Requires teamName field to be filled.
AuthPolicyTokenTypeOrganization: organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
AuthPolicyTokenTypeRunner: runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

Personal: personalPersonal Pulumi token. Requires userLogin field to be filled.
Team: teamTeam Pulumi token. Requires teamName field to be filled.
Organization: organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
Runner: runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

Personal: personalPersonal Pulumi token. Requires userLogin field to be filled.
Team: teamTeam Pulumi token. Requires teamName field to be filled.
Organization: organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
Runner: runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

PERSONAL: personalPersonal Pulumi token. Requires userLogin field to be filled.
TEAM: teamTeam Pulumi token. Requires teamName field to be filled.
ORGANIZATION: organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
RUNNER: runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

"personal": personalPersonal Pulumi token. Requires userLogin field to be filled.
"team": teamTeam Pulumi token. Requires teamName field to be filled.
"organization": organizationOrganization Pulumi token. Requires authorizedPermissions field to be filled.
"runner": runnerDeployment Runner Pulumi token. Requires runnerID field to be filled.

Package Details

Repository: pulumiservice pulumi/pulumi-pulumiservice
License: Apache-2.0

This provider is currently in preview.

Pulumi Cloud v0.29.0 published on Tuesday, Jan 21, 2025 by Pulumi

pulumi/pulumi-pulumiservice

pulumiservice.OidcIssuer

On this page

On this page

Create OidcIssuer Resource

Constructor syntax

Parameters

Constructor example

OidcIssuer Resource Properties

Inputs

Outputs

Supporting Types

AuthPolicyDecision, AuthPolicyDecisionArgs

AuthPolicyDefinition, AuthPolicyDefinitionArgs

AuthPolicyPermissionLevel, AuthPolicyPermissionLevelArgs

AuthPolicyTokenType, AuthPolicyTokenTypeArgs

Package Details

On this page

On this page