auth

package
v2.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 12, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type LookupServerArgs

// LookupServerArgs holds the arguments for the getServer data source, which LookupServer invokes.
type LookupServerArgs struct {
	// The name of the auth server to retrieve.
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getServer.

type LookupServerResult

// LookupServerResult holds the values returned by the getServer data source.
type LookupServerResult struct {
	// Audiences configured on the auth server.
	Audiences []string `pulumi:"audiences"`
	// Last time the credentials were rotated. Returned as a string; the timestamp format is not shown here.
	CredentialsLastRotated string `pulumi:"credentialsLastRotated"`
	// Next time the credentials will be rotated.
	CredentialsNextRotation string `pulumi:"credentialsNextRotation"`
	// Mode of credential rotation, auto or manual.
	// NOTE(review): presumably manual means the signing key changes only when someone rotates it, so it is worth reading together with CredentialsLastRotated — confirm.
	CredentialsRotationMode string `pulumi:"credentialsRotationMode"`
	// Description of the authorization server.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Key ID (`kid`) of the auth server.
	// NOTE(review): presumably the ID of the key that signs issued tokens — confirm.
	Kid string `pulumi:"kid"`
	// The name of the auth server.
	Name string `pulumi:"name"`
	// The activation status of the authorization server.
	Status string `pulumi:"status"`
}

A collection of values returned by getServer.

func LookupServer

func LookupServer(ctx *pulumi.Context, args *LookupServerArgs, opts ...pulumi.InvokeOption) (*LookupServerResult, error)

Use this data source to retrieve an auth server from Okta.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Look the auth server up by name. The lookup result is discarded in
		// this example; only the error is propagated to the Pulumi runtime.
		lookup := &auth.LookupServerArgs{Name: "Example Auth"}
		_, err := auth.LookupServer(ctx, lookup, nil)
		return err
	})
}

```

type Server

// Server is the Pulumi resource for an Okta Authorization Server. Every field
// below is an output property of that resource.
type Server struct {
	pulumi.CustomResourceState

	// The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
	// NOTE(review): services that accept these tokens should compare `aud` with this value and reject tokens minted for another audience.
	Audiences pulumi.StringArrayOutput `pulumi:"audiences"`
	// The timestamp when the authorization server started to use the `kid` for signing tokens.
	CredentialsLastRotated pulumi.StringOutput `pulumi:"credentialsLastRotated"`
	// The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `"AUTO"`.
	CredentialsNextRotation pulumi.StringOutput `pulumi:"credentialsNextRotation"`
	// The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
	// NOTE(review): presumably with `"MANUAL"` the signing key changes only when someone rotates it, so rotation needs an owner and a schedule — confirm.
	CredentialsRotationMode pulumi.StringPtrOutput `pulumi:"credentialsRotationMode"`
	// The description of the authorization server.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The complete URL for a Custom Authorization Server. This becomes the `iss` claim in an access token.
	// NOTE(review): token consumers should compare `iss` with this exact URL; it presumably differs between the two `issuerMode` settings — confirm before switching modes.
	Issuer pulumi.StringOutput `pulumi:"issuer"`
	// Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"` or `"ORG_URL"`
	IssuerMode pulumi.StringPtrOutput `pulumi:"issuerMode"`
	// The ID of the JSON Web Key used for signing tokens issued by the authorization server.
	Kid pulumi.StringOutput `pulumi:"kid"`
	// The name of the authorization server.
	Name pulumi.StringOutput `pulumi:"name"`
	// The status of the auth server. It defaults to `"ACTIVE"`
	Status pulumi.StringPtrOutput `pulumi:"status"`
}

Creates an Authorization Server.

This resource allows you to create and configure an Authorization Server.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Arguments for one authorization server registered under the Pulumi
		// name "example".
		serverArgs := &auth.ServerArgs{
			// Audiences becomes the `aud` claim of issued access tokens.
			Audiences: pulumi.StringArray{
				pulumi.String("api://example"),
			},
			Description: pulumi.String("My Example Auth Server"),
			IssuerMode:  pulumi.String("CUSTOM_URL"),
			Status:      pulumi.String("ACTIVE"),
		}
		// The resource handle is not used here, only the error.
		_, err := auth.NewServer(ctx, "example", serverArgs)
		return err
	})
}

```

func GetServer

func GetServer(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerState, opts ...pulumi.ResourceOption) (*Server, error)

GetServer gets an existing Server resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServer

func NewServer(ctx *pulumi.Context,
	name string, args *ServerArgs, opts ...pulumi.ResourceOption) (*Server, error)

NewServer registers a new resource with the given unique name, arguments, and options.

type ServerArgs

// ServerArgs is the set of arguments for constructing a Server resource; it is
// the args parameter of NewServer.
type ServerArgs struct {
	// The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
	// NOTE(review): pick a value specific to the API being protected, so that resource servers can reject tokens issued for a different audience.
	Audiences pulumi.StringArrayInput
	// The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
	// NOTE(review): presumably `"MANUAL"` leaves key rotation to the operator — confirm, and plan rotation if it is chosen.
	CredentialsRotationMode pulumi.StringPtrInput
	// The description of the authorization server.
	Description pulumi.StringPtrInput
	// Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"` or `"ORG_URL"`
	// NOTE(review): this presumably changes the `iss` value token consumers must expect — confirm before changing it on a live server.
	IssuerMode pulumi.StringPtrInput
	// The name of the authorization server.
	Name pulumi.StringPtrInput
	// The status of the auth server. It defaults to `"ACTIVE"`
	Status pulumi.StringPtrInput
}

The set of arguments for constructing a Server resource.

func (ServerArgs) ElementType

func (ServerArgs) ElementType() reflect.Type

type ServerClaim

// ServerClaim is the Pulumi resource for an Authorization Server Claim. Every
// field below is an output property of that resource.
type ServerClaim struct {
	pulumi.CustomResourceState

	// Specifies whether to include claims in token; by default it is set to `true`.
	AlwaysIncludeInToken pulumi.BoolPtrOutput `pulumi:"alwaysIncludeInToken"`
	// NOTE(review): the upstream comment here reads "The Application's display name.", which does not match the field.
	// Going by the field name and the `authServerId` tag, this is presumably the ID of the auth server the claim belongs to — confirm.
	AuthServerId pulumi.StringOutput `pulumi:"authServerId"`
	// Specifies whether the claim is for an access token `"RESOURCE"` or ID token `"IDENTITY"`.
	ClaimType pulumi.StringOutput `pulumi:"claimType"`
	// Specifies the type of group filter if `valueType` is `"GROUPS"`. Can be set to one of the following `"STARTS_WITH"`, `"EQUALS"`, `"CONTAINS"`, `"REGEX"`.
	GroupFilterType pulumi.StringPtrOutput `pulumi:"groupFilterType"`
	// The name of the claim.
	Name pulumi.StringOutput `pulumi:"name"`
	// The list of scopes the auth server claim is tied to.
	Scopes pulumi.StringArrayOutput `pulumi:"scopes"`
	// The status of the application. It defaults to `"ACTIVE"`.
	// NOTE(review): "application" is presumably a copy-paste slip for the claim itself — confirm.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// The value of the claim.
	Value pulumi.StringOutput `pulumi:"value"`
	// The type of value of the claim. It can be set to `"EXPRESSION"` or `"GROUPS"`. It defaults to `"EXPRESSION"`.
	ValueType pulumi.StringPtrOutput `pulumi:"valueType"`
}

Creates an Authorization Server Claim.

This resource allows you to create and configure an Authorization Server Claim.

func GetServerClaim

func GetServerClaim(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerClaimState, opts ...pulumi.ResourceOption) (*ServerClaim, error)

GetServerClaim gets an existing ServerClaim resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerClaim

func NewServerClaim(ctx *pulumi.Context,
	name string, args *ServerClaimArgs, opts ...pulumi.ResourceOption) (*ServerClaim, error)

NewServerClaim registers a new resource with the given unique name, arguments, and options.

type ServerClaimArgs

// ServerClaimArgs is the set of arguments for constructing a ServerClaim
// resource; it is the args parameter of NewServerClaim.
type ServerClaimArgs struct {
	// Specifies whether to include claims in token; by default it is set to `true`.
	AlwaysIncludeInToken pulumi.BoolPtrInput
	// NOTE(review): the upstream comment here reads "The Application's display name.", which does not match the field.
	// Going by the field name, this is presumably the ID of the auth server the claim is added to — confirm.
	AuthServerId pulumi.StringInput
	// Specifies whether the claim is for an access token `"RESOURCE"` or ID token `"IDENTITY"`.
	ClaimType pulumi.StringInput
	// Specifies the type of group filter if `valueType` is `"GROUPS"`. Can be set to one of the following `"STARTS_WITH"`, `"EQUALS"`, `"CONTAINS"`, `"REGEX"`.
	// NOTE(review): a broad filter puts more group names into the token than consumers may need; prefer the narrowest filter that works.
	GroupFilterType pulumi.StringPtrInput
	// The name of the claim.
	Name pulumi.StringPtrInput
	// The list of scopes the auth server claim is tied to.
	Scopes pulumi.StringArrayInput
	// The status of the application. It defaults to `"ACTIVE"`.
	// NOTE(review): "application" is presumably a copy-paste slip for the claim itself — confirm.
	Status pulumi.StringPtrInput
	// The value of the claim.
	Value pulumi.StringInput
	// The type of value of the claim. It can be set to `"EXPRESSION"` or `"GROUPS"`. It defaults to `"EXPRESSION"`.
	ValueType pulumi.StringPtrInput
}

The set of arguments for constructing a ServerClaim resource.

func (ServerClaimArgs) ElementType

func (ServerClaimArgs) ElementType() reflect.Type

type ServerClaimState

// ServerClaimState carries the optional state properties that GetServerClaim
// accepts to qualify the lookup of an existing ServerClaim.
type ServerClaimState struct {
	// Specifies whether to include claims in token; by default it is set to `true`.
	AlwaysIncludeInToken pulumi.BoolPtrInput
	// NOTE(review): the upstream comment here reads "The Application's display name.", which does not match the field.
	// Going by the field name, this is presumably the ID of the auth server the claim belongs to — confirm.
	AuthServerId pulumi.StringPtrInput
	// Specifies whether the claim is for an access token `"RESOURCE"` or ID token `"IDENTITY"`.
	ClaimType pulumi.StringPtrInput
	// Specifies the type of group filter if `valueType` is `"GROUPS"`. Can be set to one of the following `"STARTS_WITH"`, `"EQUALS"`, `"CONTAINS"`, `"REGEX"`.
	GroupFilterType pulumi.StringPtrInput
	// The name of the claim.
	Name pulumi.StringPtrInput
	// The list of scopes the auth server claim is tied to.
	Scopes pulumi.StringArrayInput
	// The status of the application. It defaults to `"ACTIVE"`.
	// NOTE(review): "application" is presumably a copy-paste slip for the claim itself — confirm.
	Status pulumi.StringPtrInput
	// The value of the claim.
	Value pulumi.StringPtrInput
	// The type of value of the claim. It can be set to `"EXPRESSION"` or `"GROUPS"`. It defaults to `"EXPRESSION"`.
	ValueType pulumi.StringPtrInput
}

func (ServerClaimState) ElementType

func (ServerClaimState) ElementType() reflect.Type

type ServerPolicy

// ServerPolicy is the Pulumi resource for an Authorization Server Policy. Every
// field below is an output property of that resource.
type ServerPolicy struct {
	pulumi.CustomResourceState

	// The ID of the Auth Server.
	AuthServerId pulumi.StringOutput `pulumi:"authServerId"`
	// The clients to whitelist the policy for. `["ALL_CLIENTS"]` is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.
	// NOTE(review): `["ALL_CLIENTS"]` makes the policy apply to every client; a list of client IDs keeps it scoped to the applications that need it.
	ClientWhitelists pulumi.StringArrayOutput `pulumi:"clientWhitelists"`
	// The description of the Auth Server Policy.
	Description pulumi.StringOutput `pulumi:"description"`
	// The name of the Auth Server Policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The priority of the Auth Server Policy.
	// NOTE(review): how priority decides between overlapping policies is not described here — confirm the ordering before relying on it.
	Priority pulumi.IntOutput `pulumi:"priority"`
	// The status of the Auth Server Policy.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// The type of the Auth Server Policy.
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

Creates an Authorization Server Policy.

This resource allows you to create and configure an Authorization Server Policy.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &auth.ServerPolicyArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			// NOTE(review): "ALL_CLIENTS" applies the policy to every client. In
			// a real deployment, list the IDs of the clients that need it.
			ClientWhitelists: pulumi.StringArray{
				pulumi.String("ALL_CLIENTS"),
			},
			Description: pulumi.String("example"),
			Priority:    pulumi.Int(1),
			Status:      pulumi.String("ACTIVE"),
		}
		// The resource handle is not used here, only the error.
		_, err := auth.NewServerPolicy(ctx, "example", policyArgs)
		return err
	})
}

```

func GetServerPolicy

func GetServerPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerPolicyState, opts ...pulumi.ResourceOption) (*ServerPolicy, error)

GetServerPolicy gets an existing ServerPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerPolicy

func NewServerPolicy(ctx *pulumi.Context,
	name string, args *ServerPolicyArgs, opts ...pulumi.ResourceOption) (*ServerPolicy, error)

NewServerPolicy registers a new resource with the given unique name, arguments, and options.

type ServerPolicyArgs

// ServerPolicyArgs is the set of arguments for constructing a ServerPolicy
// resource; it is the args parameter of NewServerPolicy.
type ServerPolicyArgs struct {
	// The ID of the Auth Server.
	AuthServerId pulumi.StringInput
	// The clients to whitelist the policy for. `["ALL_CLIENTS"]` is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.
	// NOTE(review): prefer an explicit list of client IDs; `["ALL_CLIENTS"]` also covers clients registered later.
	ClientWhitelists pulumi.StringArrayInput
	// The description of the Auth Server Policy.
	Description pulumi.StringInput
	// The name of the Auth Server Policy.
	Name pulumi.StringPtrInput
	// The priority of the Auth Server Policy.
	// NOTE(review): how priority decides between overlapping policies is not described here — confirm the ordering before relying on it.
	Priority pulumi.IntInput
	// The status of the Auth Server Policy.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy.
	Type pulumi.StringPtrInput
}

The set of arguments for constructing a ServerPolicy resource.

func (ServerPolicyArgs) ElementType

func (ServerPolicyArgs) ElementType() reflect.Type

type ServerPolicyClaim deprecated

// ServerPolicyClaim is the Pulumi resource for an Authorization Server Policy
// Rule. Every field below is an output property of that resource.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
//
// Deprecated: okta.auth.ServerPolicyClaim has been deprecated in favor of okta.auth.ServerPolicyRule
type ServerPolicyClaim struct {
	pulumi.CustomResourceState

	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	// NOTE(review): a shorter lifetime limits how long a leaked access token stays usable.
	AccessTokenLifetimeMinutes pulumi.IntPtrOutput `pulumi:"accessTokenLifetimeMinutes"`
	// Auth Server ID.
	AuthServerId pulumi.StringOutput `pulumi:"authServerId"`
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against the implicit and resource owner password grants; whitelist them only for clients that cannot use the authorization code flow.
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayOutput `pulumi:"grantTypeWhitelists"`
	GroupBlacklists     pulumi.StringArrayOutput `pulumi:"groupBlacklists"`
	GroupWhitelists     pulumi.StringArrayOutput `pulumi:"groupWhitelists"`
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrOutput `pulumi:"inlineHookId"`
	// Auth Server Policy Rule name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Auth Server Policy ID.
	PolicyId pulumi.StringOutput `pulumi:"policyId"`
	// Priority of the auth server policy rule.
	Priority pulumi.IntOutput `pulumi:"priority"`
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrOutput `pulumi:"refreshTokenLifetimeMinutes"`
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	RefreshTokenWindowMinutes pulumi.IntPtrOutput `pulumi:"refreshTokenWindowMinutes"`
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	// NOTE(review): `"*"` lets the rule grant every scope; naming the scopes keeps the rule least-privilege.
	ScopeWhitelists pulumi.StringArrayOutput `pulumi:"scopeWhitelists"`
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrOutput   `pulumi:"type"`
	UserBlacklists pulumi.StringArrayOutput `pulumi:"userBlacklists"`
	UserWhitelists pulumi.StringArrayOutput `pulumi:"userWhitelists"`
}

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// This example calls NewServerPolicyRule rather than the deprecated
		// NewServerPolicyClaim constructor.
		ruleArgs := &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			// NOTE(review): the implicit grant is advised against by the OAuth 2.0
			// Security Best Current Practice (RFC 9700). Outside of a demo,
			// whitelist only the grant types each client really needs.
			GrantTypeWhitelists: pulumi.StringArray{
				pulumi.String("implicit"),
			},
			GroupWhitelists: pulumi.StringArray{
				pulumi.String("<group ids>"),
			},
			PolicyId: pulumi.String("<auth server policy id>"),
			Priority: pulumi.Int(1),
			Status:   pulumi.String("ACTIVE"),
		}
		// The resource handle is not used here, only the error.
		_, err := auth.NewServerPolicyRule(ctx, "example", ruleArgs)
		return err
	})
}

```

Deprecated: okta.auth.ServerPolicyClaim has been deprecated in favor of okta.auth.ServerPolicyRule

func GetServerPolicyClaim

func GetServerPolicyClaim(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerPolicyClaimState, opts ...pulumi.ResourceOption) (*ServerPolicyClaim, error)

GetServerPolicyClaim gets an existing ServerPolicyClaim resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerPolicyClaim

func NewServerPolicyClaim(ctx *pulumi.Context,
	name string, args *ServerPolicyClaimArgs, opts ...pulumi.ResourceOption) (*ServerPolicyClaim, error)

NewServerPolicyClaim registers a new resource with the given unique name, arguments, and options.

type ServerPolicyClaimArgs

// ServerPolicyClaimArgs is the set of arguments for constructing the deprecated
// ServerPolicyClaim resource; it is the args parameter of NewServerPolicyClaim.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
type ServerPolicyClaimArgs struct {
	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	// NOTE(review): a shorter lifetime limits how long a leaked access token stays usable.
	AccessTokenLifetimeMinutes pulumi.IntPtrInput
	// Auth Server ID.
	AuthServerId pulumi.StringInput
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against the implicit and resource owner password grants; whitelist them only for clients that cannot use the authorization code flow.
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayInput
	GroupBlacklists     pulumi.StringArrayInput
	GroupWhitelists     pulumi.StringArrayInput
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrInput
	// Auth Server Policy Rule name.
	Name pulumi.StringPtrInput
	// Auth Server Policy ID.
	PolicyId pulumi.StringInput
	// Priority of the auth server policy rule.
	Priority pulumi.IntInput
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrInput
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	// NOTE(review): a long window keeps a stolen refresh token useful for longer; size it to the client's real session needs.
	RefreshTokenWindowMinutes pulumi.IntPtrInput
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	// NOTE(review): `"*"` lets the rule grant every scope; naming the scopes keeps the rule least-privilege.
	ScopeWhitelists pulumi.StringArrayInput
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrInput
	UserBlacklists pulumi.StringArrayInput
	UserWhitelists pulumi.StringArrayInput
}

The set of arguments for constructing a ServerPolicyClaim resource.

func (ServerPolicyClaimArgs) ElementType

func (ServerPolicyClaimArgs) ElementType() reflect.Type

type ServerPolicyClaimState

// ServerPolicyClaimState carries the optional state properties that
// GetServerPolicyClaim accepts to qualify the lookup of an existing
// ServerPolicyClaim.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
type ServerPolicyClaimState struct {
	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	AccessTokenLifetimeMinutes pulumi.IntPtrInput
	// Auth Server ID.
	AuthServerId pulumi.StringPtrInput
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayInput
	GroupBlacklists     pulumi.StringArrayInput
	GroupWhitelists     pulumi.StringArrayInput
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrInput
	// Auth Server Policy Rule name.
	Name pulumi.StringPtrInput
	// Auth Server Policy ID.
	PolicyId pulumi.StringPtrInput
	// Priority of the auth server policy rule.
	Priority pulumi.IntPtrInput
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrInput
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	RefreshTokenWindowMinutes pulumi.IntPtrInput
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	ScopeWhitelists pulumi.StringArrayInput
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrInput
	UserBlacklists pulumi.StringArrayInput
	UserWhitelists pulumi.StringArrayInput
}

func (ServerPolicyClaimState) ElementType

func (ServerPolicyClaimState) ElementType() reflect.Type

type ServerPolicyRule added in v2.4.1

// ServerPolicyRule is the Pulumi resource for an Authorization Server Policy
// Rule. Every field below is an output property of that resource.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
type ServerPolicyRule struct {
	pulumi.CustomResourceState

	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	// NOTE(review): a shorter lifetime limits how long a leaked access token stays usable.
	AccessTokenLifetimeMinutes pulumi.IntPtrOutput `pulumi:"accessTokenLifetimeMinutes"`
	// Auth Server ID.
	AuthServerId pulumi.StringOutput `pulumi:"authServerId"`
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against the implicit and resource owner password grants; whitelist them only for clients that cannot use the authorization code flow.
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayOutput `pulumi:"grantTypeWhitelists"`
	GroupBlacklists     pulumi.StringArrayOutput `pulumi:"groupBlacklists"`
	GroupWhitelists     pulumi.StringArrayOutput `pulumi:"groupWhitelists"`
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrOutput `pulumi:"inlineHookId"`
	// Auth Server Policy Rule name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Auth Server Policy ID.
	PolicyId pulumi.StringOutput `pulumi:"policyId"`
	// Priority of the auth server policy rule.
	Priority pulumi.IntOutput `pulumi:"priority"`
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrOutput `pulumi:"refreshTokenLifetimeMinutes"`
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	RefreshTokenWindowMinutes pulumi.IntPtrOutput `pulumi:"refreshTokenWindowMinutes"`
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	// NOTE(review): `"*"` lets the rule grant every scope; naming the scopes keeps the rule least-privilege.
	ScopeWhitelists pulumi.StringArrayOutput `pulumi:"scopeWhitelists"`
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrOutput `pulumi:"status"`
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrOutput   `pulumi:"type"`
	UserBlacklists pulumi.StringArrayOutput `pulumi:"userBlacklists"`
	UserWhitelists pulumi.StringArrayOutput `pulumi:"userWhitelists"`
}

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			// NOTE(review): the implicit grant is advised against by the OAuth 2.0
			// Security Best Current Practice (RFC 9700). Outside of a demo,
			// whitelist only the grant types each client really needs.
			GrantTypeWhitelists: pulumi.StringArray{
				pulumi.String("implicit"),
			},
			// Restricts the rule to the listed groups; the value is a placeholder.
			GroupWhitelists: pulumi.StringArray{
				pulumi.String("<group ids>"),
			},
			PolicyId: pulumi.String("<auth server policy id>"),
			Priority: pulumi.Int(1),
			Status:   pulumi.String("ACTIVE"),
		}
		// The resource handle is not used here, only the error.
		_, err := auth.NewServerPolicyRule(ctx, "example", ruleArgs)
		return err
	})
}

```

func GetServerPolicyRule added in v2.4.1

func GetServerPolicyRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerPolicyRuleState, opts ...pulumi.ResourceOption) (*ServerPolicyRule, error)

GetServerPolicyRule gets an existing ServerPolicyRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerPolicyRule added in v2.4.1

func NewServerPolicyRule(ctx *pulumi.Context,
	name string, args *ServerPolicyRuleArgs, opts ...pulumi.ResourceOption) (*ServerPolicyRule, error)

NewServerPolicyRule registers a new resource with the given unique name, arguments, and options.

type ServerPolicyRuleArgs added in v2.4.1

// ServerPolicyRuleArgs is the set of arguments for constructing a
// ServerPolicyRule resource; it is the args parameter of NewServerPolicyRule.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
type ServerPolicyRuleArgs struct {
	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	// NOTE(review): a shorter lifetime limits how long a leaked access token stays usable.
	AccessTokenLifetimeMinutes pulumi.IntPtrInput
	// Auth Server ID.
	AuthServerId pulumi.StringInput
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against the implicit and resource owner password grants; whitelist them only for clients that cannot use the authorization code flow.
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayInput
	GroupBlacklists     pulumi.StringArrayInput
	GroupWhitelists     pulumi.StringArrayInput
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrInput
	// Auth Server Policy Rule name.
	Name pulumi.StringPtrInput
	// Auth Server Policy ID.
	PolicyId pulumi.StringInput
	// Priority of the auth server policy rule.
	Priority pulumi.IntInput
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrInput
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	// NOTE(review): a long window keeps a stolen refresh token useful for longer; size it to the client's real session needs.
	RefreshTokenWindowMinutes pulumi.IntPtrInput
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	// NOTE(review): `"*"` lets the rule grant every scope; naming the scopes keeps the rule least-privilege.
	ScopeWhitelists pulumi.StringArrayInput
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrInput
	UserBlacklists pulumi.StringArrayInput
	UserWhitelists pulumi.StringArrayInput
}

The set of arguments for constructing a ServerPolicyRule resource.

func (ServerPolicyRuleArgs) ElementType added in v2.4.1

func (ServerPolicyRuleArgs) ElementType() reflect.Type

type ServerPolicyRuleState added in v2.4.1

// ServerPolicyRuleState carries the optional state properties that
// GetServerPolicyRule accepts to qualify the lookup of an existing
// ServerPolicyRule.
//
// GroupBlacklists, GroupWhitelists, UserBlacklists and UserWhitelists carry no
// upstream description. NOTE(review): presumably the IDs of the groups and
// users the rule excludes or includes — confirm.
type ServerPolicyRuleState struct {
	// Lifetime of access token, in minutes per the field name. Can be set to a value between 5 and 1440.
	AccessTokenLifetimeMinutes pulumi.IntPtrInput
	// Auth Server ID.
	AuthServerId pulumi.StringPtrInput
	// Accepted grant type values, `"authorizationCode"`, `"implicit"`, `"password"`
	// NOTE(review): the OAuth wire name of the first value is `authorization_code`; the camelCase spelling above may be a documentation artifact — confirm which string the provider accepts.
	GrantTypeWhitelists pulumi.StringArrayInput
	GroupBlacklists     pulumi.StringArrayInput
	GroupWhitelists     pulumi.StringArrayInput
	// The ID of the inline token to trigger.
	// NOTE(review): going by the field name, presumably "inline hook" rather than "inline token" — confirm.
	InlineHookId pulumi.StringPtrInput
	// Auth Server Policy Rule name.
	Name pulumi.StringPtrInput
	// Auth Server Policy ID.
	PolicyId pulumi.StringPtrInput
	// Priority of the auth server policy rule.
	Priority pulumi.IntPtrInput
	// Lifetime of refresh token, in minutes per the field name. The accepted range is not stated here.
	RefreshTokenLifetimeMinutes pulumi.IntPtrInput
	// Window in which a refresh token can be used, in minutes per the field name. It can be a value between 10 and 2628000 (5 years).
	RefreshTokenWindowMinutes pulumi.IntPtrInput
	// Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`.
	ScopeWhitelists pulumi.StringArrayInput
	// The status of the Auth Server Policy Rule.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy Rule.
	Type           pulumi.StringPtrInput
	UserBlacklists pulumi.StringArrayInput
	UserWhitelists pulumi.StringArrayInput
}

func (ServerPolicyRuleState) ElementType added in v2.4.1

func (ServerPolicyRuleState) ElementType() reflect.Type

type ServerPolicyState

// ServerPolicyState carries the optional state properties that GetServerPolicy
// accepts to qualify the lookup of an existing ServerPolicy.
type ServerPolicyState struct {
	// The ID of the Auth Server.
	AuthServerId pulumi.StringPtrInput
	// The clients to whitelist the policy for. `["ALL_CLIENTS"]` is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.
	ClientWhitelists pulumi.StringArrayInput
	// The description of the Auth Server Policy.
	Description pulumi.StringPtrInput
	// The name of the Auth Server Policy.
	Name pulumi.StringPtrInput
	// The priority of the Auth Server Policy.
	Priority pulumi.IntPtrInput
	// The status of the Auth Server Policy.
	Status pulumi.StringPtrInput
	// The type of the Auth Server Policy.
	Type pulumi.StringPtrInput
}

func (ServerPolicyState) ElementType

func (ServerPolicyState) ElementType() reflect.Type

type ServerScope

// ServerScope is the Pulumi resource for an Authorization Server Scope. Every
// field below is an output property of that resource.
type ServerScope struct {
	pulumi.CustomResourceState

	// Auth Server ID.
	AuthServerId pulumi.StringOutput `pulumi:"authServerId"`
	// Indicates whether a consent dialog is needed for the scope. It can be set to `"REQUIRED"` or `"IMPLICIT"`.
	// NOTE(review): presumably `"IMPLICIT"` grants the scope without showing the user a consent dialog — confirm before using it on scopes that expose user data.
	Consent pulumi.StringPtrOutput `pulumi:"consent"`
	// A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.
	// NOTE(review): a default scope reaches clients that never asked for it by name, so keep sensitive scopes non-default.
	Default pulumi.BoolPtrOutput `pulumi:"default"`
	// Description of the Auth Server Scope.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether to publish metadata or not. It can be set to `"ALL_CLIENTS"` or `"NO_CLIENTS"`.
	MetadataPublish pulumi.StringPtrOutput `pulumi:"metadataPublish"`
	// Auth Server scope name.
	Name pulumi.StringOutput `pulumi:"name"`
}

Creates an Authorization Server Scope.

This resource allows you to create and configure an Authorization Server Scope.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-okta/sdk/v2/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): Consent is "IMPLICIT" here, which presumably means no
		// consent dialog is shown for this scope — confirm that is intended
		// before copying the example for a scope that exposes user data.
		scopeArgs := &auth.ServerScopeArgs{
			AuthServerId:    pulumi.String("<auth server id>"),
			Consent:         pulumi.String("IMPLICIT"),
			MetadataPublish: pulumi.String("NO_CLIENTS"),
		}
		// The resource handle is not used here, only the error.
		_, err := auth.NewServerScope(ctx, "example", scopeArgs)
		return err
	})
}

```

func GetServerScope

func GetServerScope(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerScopeState, opts ...pulumi.ResourceOption) (*ServerScope, error)

GetServerScope gets an existing ServerScope resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerScope

func NewServerScope(ctx *pulumi.Context,
	name string, args *ServerScopeArgs, opts ...pulumi.ResourceOption) (*ServerScope, error)

NewServerScope registers a new resource with the given unique name, arguments, and options.

type ServerScopeArgs

// ServerScopeArgs is the set of arguments for constructing a ServerScope
// resource; it is the args parameter of NewServerScope.
type ServerScopeArgs struct {
	// Auth Server ID.
	AuthServerId pulumi.StringInput
	// Indicates whether a consent dialog is needed for the scope. It can be set to `"REQUIRED"` or `"IMPLICIT"`.
	// NOTE(review): presumably `"IMPLICIT"` grants the scope without showing the user a consent dialog — confirm before using it on scopes that expose user data.
	Consent pulumi.StringPtrInput
	// A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.
	// NOTE(review): a default scope reaches clients that never asked for it by name, so keep sensitive scopes non-default.
	Default pulumi.BoolPtrInput
	// Description of the Auth Server Scope.
	Description pulumi.StringPtrInput
	// Whether to publish metadata or not. It can be set to `"ALL_CLIENTS"` or `"NO_CLIENTS"`.
	MetadataPublish pulumi.StringPtrInput
	// Auth Server scope name.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a ServerScope resource.

func (ServerScopeArgs) ElementType

func (ServerScopeArgs) ElementType() reflect.Type

type ServerScopeState

// ServerScopeState carries the optional state properties that GetServerScope
// accepts to qualify the lookup of an existing ServerScope.
type ServerScopeState struct {
	// Auth Server ID.
	AuthServerId pulumi.StringPtrInput
	// Indicates whether a consent dialog is needed for the scope. It can be set to `"REQUIRED"` or `"IMPLICIT"`.
	Consent pulumi.StringPtrInput
	// A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.
	Default pulumi.BoolPtrInput
	// Description of the Auth Server Scope.
	Description pulumi.StringPtrInput
	// Whether to publish metadata or not. It can be set to `"ALL_CLIENTS"` or `"NO_CLIENTS"`.
	MetadataPublish pulumi.StringPtrInput
	// Auth Server scope name.
	Name pulumi.StringPtrInput
}

func (ServerScopeState) ElementType

func (ServerScopeState) ElementType() reflect.Type

type ServerState

// ServerState carries the optional state properties that GetServer accepts to
// qualify the lookup of an existing Server.
type ServerState struct {
	// The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
	Audiences pulumi.StringArrayInput
	// The timestamp when the authorization server started to use the `kid` for signing tokens.
	CredentialsLastRotated pulumi.StringPtrInput
	// The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `"AUTO"`.
	CredentialsNextRotation pulumi.StringPtrInput
	// The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
	CredentialsRotationMode pulumi.StringPtrInput
	// The description of the authorization server.
	Description pulumi.StringPtrInput
	// The complete URL for a Custom Authorization Server. This becomes the `iss` claim in an access token.
	Issuer pulumi.StringPtrInput
	// Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"` or `"ORG_URL"`
	IssuerMode pulumi.StringPtrInput
	// The ID of the JSON Web Key used for signing tokens issued by the authorization server.
	Kid pulumi.StringPtrInput
	// The name of the authorization server.
	Name pulumi.StringPtrInput
	// The status of the auth server. It defaults to `"ACTIVE"`
	Status pulumi.StringPtrInput
}

func (ServerState) ElementType

func (ServerState) ElementType() reflect.Type
