Nomad v2.4.3 published on Saturday, Mar 15, 2025 by Pulumi

nomad.AclAuthMethod


Manages an ACL Auth Method in Nomad.

Example Usage

Creating an ACL Auth Method:

import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";

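// The OIDC client secret is a credential. Read it from encrypted stack
// configuration (`pulumi config set --secret oidcClientSecret <value>`) so it
// is never committed with the program source.
const stackConfig = new pulumi.Config();
const oidcClientSecret = stackConfig.requireSecret("oidcClientSecret");

const myNomadAclAuthMethod = new nomad.AclAuthMethod("my_nomad_acl_auth_method", {
    name: "my-nomad-acl-auth-method",
    type: "OIDC",
    tokenLocality: "global",
    // Upper bound on the lifetime of tokens created through this method.
    maxTokenTtl: "10m0s",
    // Plain string, not a template literal: the ${...} placeholders are meant
    // for Nomad to expand. In backticks JavaScript would evaluate them itself
    // and throw on the undefined names.
    tokenNameFormat: "${auth_method_type}-${value.user}",
    "default": true,
    config: {
        oidcDiscoveryUrl: "https://uk.auth0.com/",
        oidcClientId: "someclientid",
        oidcClientSecret: oidcClientSecret,
        boundAudiences: ["someclientid"],
        // Allow-list of redirect URIs. Both entries point at localhost, which
        // presumably suits a local agent; list the addresses actually in use
        // for a shared cluster.
        allowedRedirectUris: [
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        // Copies the list claim (key) into the "roles" metadata field (value).
        listClaimMappings: {
            "http://nomad.internal/roles": "roles",
        },
    },
});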
import pulumi
import pulumi_nomad as nomad

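# The OIDC client secret is a credential. Read it from encrypted stack
# configuration (`pulumi config set --secret oidcClientSecret <value>`) so it
# is never committed with the program source.
oidc_client_secret = pulumi.Config().require_secret("oidcClientSecret")

my_nomad_acl_auth_method = nomad.AclAuthMethod("my_nomad_acl_auth_method",
    name="my-nomad-acl-auth-method",
    type="OIDC",
    token_locality="global",
    # Upper bound on the lifetime of tokens created through this method.
    max_token_ttl="10m0s",
    # The ${...} placeholders are passed through as-is for Nomad to expand.
    token_name_format="${auth_method_type}-${value.user}",
    default=True,
    config={
        "oidc_discovery_url": "https://uk.auth0.com/",
        "oidc_client_id": "someclientid",
        "oidc_client_secret": oidc_client_secret,
        "bound_audiences": ["someclientid"],
        # Allow-list of redirect URIs. Both entries point at localhost, which
        # presumably suits a local agent; list the addresses actually in use
        # for a shared cluster.
        "allowed_redirect_uris": [
            "http://localhost:4649/oidc/callback",
            "http://localhost:4646/ui/settings/tokens",
        ],
        # Copies the list claim (key) into the "roles" metadata field (value).
        "list_claim_mappings": {
            "http://nomad.internal/roles": "roles",
        },
    })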
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

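// main registers a single Nomad ACL auth method of type OIDC with the Pulumi
// engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := nomad.NewAclAuthMethod(ctx, "my_nomad_acl_auth_method", &nomad.AclAuthMethodArgs{
			Name:          pulumi.String("my-nomad-acl-auth-method"),
			Type:          pulumi.String("OIDC"),
			TokenLocality: pulumi.String("global"),
			// Upper bound on the lifetime of tokens created through this method.
			MaxTokenTtl: pulumi.String("10m0s"),
			// pulumi.String rather than pulumi.Sprintf: the ${...} placeholders are
			// expanded by Nomad and nothing here needs Go formatting.
			TokenNameFormat: pulumi.String("${auth_method_type}-${value.user}"),
			Default:         pulumi.Bool(true),
			Config: &nomad.AclAuthMethodConfigArgs{
				OidcDiscoveryUrl: pulumi.String("https://uk.auth0.com/"),
				OidcClientId:     pulumi.String("someclientid"),
				// NOTE(review): placeholder credential. A real program should not
				// carry the client secret as a literal; load it from encrypted
				// stack configuration instead (config.RequireSecret in
				// github.com/pulumi/pulumi/sdk/v3/go/pulumi/config).
				OidcClientSecret: pulumi.String("someclientsecret-t"),
				BoundAudiences: pulumi.StringArray{
					pulumi.String("someclientid"),
				},
				// Allow-list of redirect URIs. Both entries point at localhost,
				// which presumably suits a local agent; list the addresses
				// actually in use for a shared cluster.
				AllowedRedirectUris: pulumi.StringArray{
					pulumi.String("http://localhost:4649/oidc/callback"),
					pulumi.String("http://localhost:4646/ui/settings/tokens"),
				},
				// Copies the list claim (key) into the "roles" metadata field (value).
				ListClaimMappings: pulumi.StringMap{
					"http://nomad.internal/roles": pulumi.String("roles"),
				},
			},
		})
		if err != nil {
			// Wrap the error so the failing resource is named in the output.
			// This is also the only use of the imported fmt package, which
			// would otherwise stop the program from compiling.
			return fmt.Errorf("creating ACL auth method: %w", err)
		}
		return nil
	})
}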
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;

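return await Deployment.RunAsync(() => 
{
    // The OIDC client secret is a credential. Read it from encrypted stack
    // configuration (`pulumi config set --secret oidcClientSecret <value>`) so
    // it is never committed with the program source.
    var stackConfig = new Config();
    var oidcClientSecret = stackConfig.RequireSecret("oidcClientSecret");

    var myNomadAclAuthMethod = new Nomad.AclAuthMethod("my_nomad_acl_auth_method", new()
    {
        Name = "my-nomad-acl-auth-method",
        Type = "OIDC",
        TokenLocality = "global",
        // Upper bound on the lifetime of tokens created through this method.
        MaxTokenTtl = "10m0s",
        // Regular (non-interpolated) string: the ${...} placeholders are for
        // Nomad to expand.
        TokenNameFormat = "${auth_method_type}-${value.user}",
        Default = true,
        Config = new Nomad.Inputs.AclAuthMethodConfigArgs
        {
            OidcDiscoveryUrl = "https://uk.auth0.com/",
            OidcClientId = "someclientid",
            OidcClientSecret = oidcClientSecret,
            BoundAudiences = new[]
            {
                "someclientid",
            },
            // Allow-list of redirect URIs. Both entries point at localhost,
            // which presumably suits a local agent; list the addresses
            // actually in use for a shared cluster.
            AllowedRedirectUris = new[]
            {
                "http://localhost:4649/oidc/callback",
                "http://localhost:4646/ui/settings/tokens",
            },
            // Copies the list claim (key) into the "roles" metadata field (value).
            ListClaimMappings = 
            {
                { "http://nomad.internal/roles", "roles" },
            },
        },
    });

});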
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.AclAuthMethod;
import com.pulumi.nomad.AclAuthMethodArgs;
import com.pulumi.nomad.inputs.AclAuthMethodConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

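/**
 * Pulumi program that declares a single Nomad ACL auth method of type OIDC.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the ACL auth method for the stack.
     *
     * @param ctx the Pulumi deployment context; also used to read stack configuration
     */
    public static void stack(Context ctx) {
        // The OIDC client secret is a credential. Read it from encrypted stack
        // configuration (`pulumi config set --secret oidcClientSecret <value>`)
        // so it is never committed with the program source.
        final var oidcClientSecret = ctx.config().requireSecret("oidcClientSecret");

        var myNomadAclAuthMethod = new AclAuthMethod("myNomadAclAuthMethod", AclAuthMethodArgs.builder()
            .name("my-nomad-acl-auth-method")
            .type("OIDC")
            .tokenLocality("global")
            // Upper bound on the lifetime of tokens created through this method.
            .maxTokenTtl("10m0s")
            // The ${...} placeholders are passed through as-is for Nomad to expand.
            .tokenNameFormat("${auth_method_type}-${value.user}")
            .default_(true)
            .config(AclAuthMethodConfigArgs.builder()
                .oidcDiscoveryUrl("https://uk.auth0.com/")
                .oidcClientId("someclientid")
                .oidcClientSecret(oidcClientSecret)
                .boundAudiences("someclientid")
                // Allow-list of redirect URIs. Both entries point at localhost,
                // which presumably suits a local agent; list the addresses
                // actually in use for a shared cluster.
                .allowedRedirectUris(
                    "http://localhost:4649/oidc/callback",
                    "http://localhost:4646/ui/settings/tokens")
                // Copies the list claim (key) into the "roles" metadata field (value).
                .listClaimMappings(Map.of("http://nomad.internal/roles", "roles"))
                .build())
            .build());

    }
}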
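# The OIDC client secret is a credential: declare it as a secret config value
# (set with `pulumi config set --secret oidcClientSecret <value>`) instead of
# writing it into this file.
config:
  oidcClientSecret:
    type: string
    secret: true
resources:
  myNomadAclAuthMethod:
    type: nomad:AclAuthMethod
    name: my_nomad_acl_auth_method
    properties:
      name: my-nomad-acl-auth-method
      type: OIDC
      tokenLocality: global
      # Upper bound on the lifetime of tokens created through this method.
      maxTokenTtl: 10m0s
      # $${ is the escape for a literal ${, so the placeholders reach Nomad unexpanded.
      tokenNameFormat: $${auth_method_type}-$${value.user}
      default: true
      config:
        oidcDiscoveryUrl: https://uk.auth0.com/
        oidcClientId: someclientid
        oidcClientSecret: ${oidcClientSecret}
        boundAudiences:
          - someclientid
        # Allow-list of redirect URIs. Both entries point at localhost, which
        # presumably suits a local agent; list the addresses actually in use
        # for a shared cluster.
        allowedRedirectUris:
          - http://localhost:4649/oidc/callback
          - http://localhost:4646/ui/settings/tokens
        # Copies the list claim (key) into the "roles" metadata field (value).
        listClaimMappings:
          http://nomad.internal/roles: roles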

Create AclAuthMethod Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AclAuthMethod(name: string, args: AclAuthMethodArgs, opts?: CustomResourceOptions);
@overload
def AclAuthMethod(resource_name: str,
                  args: AclAuthMethodArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def AclAuthMethod(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  config: Optional[AclAuthMethodConfigArgs] = None,
                  max_token_ttl: Optional[str] = None,
                  token_locality: Optional[str] = None,
                  type: Optional[str] = None,
                  default: Optional[bool] = None,
                  name: Optional[str] = None,
                  token_name_format: Optional[str] = None)
func NewAclAuthMethod(ctx *Context, name string, args AclAuthMethodArgs, opts ...ResourceOption) (*AclAuthMethod, error)
public AclAuthMethod(string name, AclAuthMethodArgs args, CustomResourceOptions? opts = null)
public AclAuthMethod(String name, AclAuthMethodArgs args)
public AclAuthMethod(String name, AclAuthMethodArgs args, CustomResourceOptions options)
type: nomad:AclAuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. AclAuthMethodArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. AclAuthMethodArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. AclAuthMethodArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. AclAuthMethodArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. AclAuthMethodArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference listing: every value below is a placeholder for the property's type.
var aclAuthMethodResource = new Nomad.AclAuthMethod("aclAuthMethodResource", new()
{
    // Provider-specific settings of the auth method.
    Config = new Nomad.Inputs.AclAuthMethodConfigArgs
    {
        AllowedRedirectUris = new[] { "string" },
        BoundAudiences = new[] { "string" },
        BoundIssuers = new[] { "string" },
        ClaimMappings = 
        {
            { "string", "string" },
        },
        ClockSkewLeeway = "string",
        DiscoveryCaPems = new[] { "string" },
        ExpirationLeeway = "string",
        JwksCaCert = "string",
        JwksUrl = "string",
        JwtValidationPubKeys = new[] { "string" },
        ListClaimMappings = 
        {
            { "string", "string" },
        },
        NotBeforeLeeway = "string",
        OidcClientId = "string",
        // Credential: supply it as a secret, not as a literal.
        OidcClientSecret = "string",
        OidcDisableUserinfo = false,
        OidcDiscoveryUrl = "string",
        OidcScopes = new[] { "string" },
        SigningAlgs = new[] { "string" },
    },
    // Time duration such as "15h".
    MaxTokenTtl = "string",
    // Either local or global.
    TokenLocality = "string",
    // Either OIDC or JWT.
    Type = "string",
    Default = false,
    Name = "string",
    TokenNameFormat = "string",
});
// Reference listing: every value below is a placeholder for the property's type.
// Provider-specific settings of the auth method.
configArgs := &nomad.AclAuthMethodConfigArgs{
	AllowedRedirectUris:  pulumi.StringArray{pulumi.String("string")},
	BoundAudiences:       pulumi.StringArray{pulumi.String("string")},
	BoundIssuers:         pulumi.StringArray{pulumi.String("string")},
	ClaimMappings:        pulumi.StringMap{"string": pulumi.String("string")},
	ClockSkewLeeway:      pulumi.String("string"),
	DiscoveryCaPems:      pulumi.StringArray{pulumi.String("string")},
	ExpirationLeeway:     pulumi.String("string"),
	JwksCaCert:           pulumi.String("string"),
	JwksUrl:              pulumi.String("string"),
	JwtValidationPubKeys: pulumi.StringArray{pulumi.String("string")},
	ListClaimMappings:    pulumi.StringMap{"string": pulumi.String("string")},
	NotBeforeLeeway:      pulumi.String("string"),
	OidcClientId:         pulumi.String("string"),
	// Credential: supply it as a secret, not as a literal.
	OidcClientSecret:    pulumi.String("string"),
	OidcDisableUserinfo: pulumi.Bool(false),
	OidcDiscoveryUrl:    pulumi.String("string"),
	OidcScopes:          pulumi.StringArray{pulumi.String("string")},
	SigningAlgs:         pulumi.StringArray{pulumi.String("string")},
}
example, err := nomad.NewAclAuthMethod(ctx, "aclAuthMethodResource", &nomad.AclAuthMethodArgs{
	Config: configArgs,
	// Time duration such as "15h".
	MaxTokenTtl: pulumi.String("string"),
	// Either local or global.
	TokenLocality: pulumi.String("string"),
	// Either OIDC or JWT.
	Type:            pulumi.String("string"),
	Default:         pulumi.Bool(false),
	Name:            pulumi.String("string"),
	TokenNameFormat: pulumi.String("string"),
})
// Reference listing: every value below is a placeholder for the property's type.
// Provider-specific settings of the auth method.
var aclAuthMethodConfig = AclAuthMethodConfigArgs.builder()
    .allowedRedirectUris("string")
    .boundAudiences("string")
    .boundIssuers("string")
    .claimMappings(Map.of("string", "string"))
    .clockSkewLeeway("string")
    .discoveryCaPems("string")
    .expirationLeeway("string")
    .jwksCaCert("string")
    .jwksUrl("string")
    .jwtValidationPubKeys("string")
    .listClaimMappings(Map.of("string", "string"))
    .notBeforeLeeway("string")
    .oidcClientId("string")
    // Credential: supply it as a secret, not as a literal.
    .oidcClientSecret("string")
    .oidcDisableUserinfo(false)
    .oidcDiscoveryUrl("string")
    .oidcScopes("string")
    .signingAlgs("string")
    .build();

var aclAuthMethodResource = new AclAuthMethod("aclAuthMethodResource", AclAuthMethodArgs.builder()
    .config(aclAuthMethodConfig)
    // Time duration such as "15h".
    .maxTokenTtl("string")
    // Either local or global.
    .tokenLocality("string")
    // Either OIDC or JWT.
    .type("string")
    .default_(false)
    .name("string")
    .tokenNameFormat("string")
    .build());
# Reference listing: every value below is a placeholder for the property's type.
# Provider-specific settings of the auth method.
acl_auth_method_config = {
    "allowed_redirect_uris": ["string"],
    "bound_audiences": ["string"],
    "bound_issuers": ["string"],
    "claim_mappings": {"string": "string"},
    "clock_skew_leeway": "string",
    "discovery_ca_pems": ["string"],
    "expiration_leeway": "string",
    "jwks_ca_cert": "string",
    "jwks_url": "string",
    "jwt_validation_pub_keys": ["string"],
    "list_claim_mappings": {"string": "string"},
    "not_before_leeway": "string",
    "oidc_client_id": "string",
    # Credential: supply it as a secret, not as a literal.
    "oidc_client_secret": "string",
    "oidc_disable_userinfo": False,
    "oidc_discovery_url": "string",
    "oidc_scopes": ["string"],
    "signing_algs": ["string"],
}

acl_auth_method_resource = nomad.AclAuthMethod(
    "aclAuthMethodResource",
    config=acl_auth_method_config,
    # Time duration such as "15h".
    max_token_ttl="string",
    # Either local or global.
    token_locality="string",
    # Either OIDC or JWT.
    type="string",
    default=False,
    name="string",
    token_name_format="string",
)
// Reference listing: every value below is a placeholder for the property's type.
// Provider-specific settings of the auth method.
const aclAuthMethodConfig = {
    allowedRedirectUris: ["string"],
    boundAudiences: ["string"],
    boundIssuers: ["string"],
    claimMappings: { string: "string" },
    clockSkewLeeway: "string",
    discoveryCaPems: ["string"],
    expirationLeeway: "string",
    jwksCaCert: "string",
    jwksUrl: "string",
    jwtValidationPubKeys: ["string"],
    listClaimMappings: { string: "string" },
    notBeforeLeeway: "string",
    oidcClientId: "string",
    // Credential: supply it as a secret, not as a literal.
    oidcClientSecret: "string",
    oidcDisableUserinfo: false,
    oidcDiscoveryUrl: "string",
    oidcScopes: ["string"],
    signingAlgs: ["string"],
};

const aclAuthMethodResource = new nomad.AclAuthMethod("aclAuthMethodResource", {
    config: aclAuthMethodConfig,
    // Time duration such as "15h".
    maxTokenTtl: "string",
    // Either local or global.
    tokenLocality: "string",
    // Either OIDC or JWT.
    type: "string",
    "default": false,
    name: "string",
    tokenNameFormat: "string",
});
# Reference listing: every value below is a placeholder for the property's type.
type: nomad:AclAuthMethod
properties:
    # Provider-specific settings of the auth method (required).
    config:
        allowedRedirectUris:
            - string
        boundAudiences:
            - string
        boundIssuers:
            - string
        claimMappings:
            string: string
        clockSkewLeeway: string
        discoveryCaPems:
            - string
        expirationLeeway: string
        jwksCaCert: string
        jwksUrl: string
        jwtValidationPubKeys:
            - string
        listClaimMappings:
            string: string
        notBeforeLeeway: string
        oidcClientId: string
        # Credential: supply it as a secret, not as a literal.
        oidcClientSecret: string
        oidcDisableUserinfo: false
        oidcDiscoveryUrl: string
        oidcScopes:
            - string
        signingAlgs:
            - string
    default: false
    # Required; a time duration such as "15h".
    maxTokenTtl: string
    name: string
    # Required; either local or global.
    tokenLocality: string
    tokenNameFormat: string
    # Required; either OIDC or JWT.
    type: string

AclAuthMethod Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AclAuthMethod resource accepts the following input properties:

Config This property is required. AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
MaxTokenTtl This property is required. string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
TokenLocality This property is required. string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
Type This property is required. string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
Default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
Name string
(string: <required>) - The identifier of the ACL Auth Method.
TokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
Config This property is required. AclAuthMethodConfigArgs
(block: <required>) - Configuration specific to the auth method provider.
MaxTokenTtl This property is required. string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
TokenLocality This property is required. string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
Type This property is required. string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
Default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
Name string
(string: <required>) - The identifier of the ACL Auth Method.
TokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
config This property is required. AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl This property is required. String
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality This property is required. String
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type This property is required. String
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
default_ Boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
name String
(string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat String
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
config This property is required. AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl This property is required. string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality This property is required. string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type This property is required. string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
default boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
name string
(string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
config This property is required. AclAuthMethodConfigArgs
(block: <required>) - Configuration specific to the auth method provider.
max_token_ttl This property is required. str
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
token_locality This property is required. str
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type This property is required. str
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
name str
(string: <required>) - The identifier of the ACL Auth Method.
token_name_format str
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
config This property is required. Property Map
(block: <required>) - Configuration specific to the auth method provider.
maxTokenTtl This property is required. String
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
tokenLocality This property is required. String
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
type This property is required. String
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
default Boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
name String
(string: <required>) - The identifier of the ACL Auth Method.
tokenNameFormat String
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.

Outputs

All input properties are implicitly available as output properties. Additionally, the AclAuthMethod resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing AclAuthMethod Resource

Get an existing AclAuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AclAuthMethodState, opts?: CustomResourceOptions): AclAuthMethod
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[AclAuthMethodConfigArgs] = None,
        default: Optional[bool] = None,
        max_token_ttl: Optional[str] = None,
        name: Optional[str] = None,
        token_locality: Optional[str] = None,
        token_name_format: Optional[str] = None,
        type: Optional[str] = None) -> AclAuthMethod
func GetAclAuthMethod(ctx *Context, name string, id IDInput, state *AclAuthMethodState, opts ...ResourceOption) (*AclAuthMethod, error)
public static AclAuthMethod Get(string name, Input<string> id, AclAuthMethodState? state, CustomResourceOptions? opts = null)
public static AclAuthMethod get(String name, Output<String> id, AclAuthMethodState state, CustomResourceOptions options)
resources:
  _:
    type: nomad:AclAuthMethod
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Config AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
Default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
MaxTokenTtl string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
Name string
(string: <required>) - The identifier of the ACL Auth Method.
TokenLocality string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
TokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
Type string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
Config AclAuthMethodConfigArgs
(block: <required>) - Configuration specific to the auth method provider.
Default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
MaxTokenTtl string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
Name string
(string: <required>) - The identifier of the ACL Auth Method.
TokenLocality string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
TokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
Type string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
config AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
default_ Boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl String
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name String
(string: <required>) - The identifier of the ACL Auth Method.
tokenLocality String
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat String
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
type String
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
config AclAuthMethodConfig
(block: <required>) - Configuration specific to the auth method provider.
default boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl string
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name string
(string: <required>) - The identifier of the ACL Auth Method.
tokenLocality string
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat string
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
type string
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
config AclAuthMethodConfigArgs
(block: <required>) - Configuration specific to the auth method provider.
default bool
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
max_token_ttl str
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name str
(string: <required>) - The identifier of the ACL Auth Method.
token_locality str
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
token_name_format str
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
type str
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.
config Property Map
(block: <required>) - Configuration specific to the auth method provider.
default Boolean
(bool: false) - Defines whether this ACL Auth Method is to be set as default.
maxTokenTtl String
(string: <required>) - Defines the maximum life of a token created by this method and is specified as a time duration such as "15h".
name String
(string: <required>) - The identifier of the ACL Auth Method.
tokenLocality String
(string: <required>) - Defines whether the ACL Auth Method creates a local or global token when performing SSO login. This field must be set to either local or global.
tokenNameFormat String
(string: "${auth_method_type}-${auth_method_name}") - Defines the token name format for the generated tokens. This can be lightly templated using HIL '${foo}' syntax.
type String
(string: <required>) - ACL Auth Method SSO workflow type. Valid values are OIDC and JWT.

Supporting Types

AclAuthMethodConfig, AclAuthMethodConfigArgs

AllowedRedirectUris List<string>
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
BoundAudiences List<string>
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
BoundIssuers List<string>
([]string: <optional>) - The value against which to match the iss claim in a JWT.
ClaimMappings Dictionary<string, string>
Mappings of claims (key) that will be copied to a metadata field (value).
ClockSkewLeeway string
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
DiscoveryCaPems List<string>
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
ExpirationLeeway string
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
JwksCaCert string
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
JwksUrl string
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
JwtValidationPubKeys List<string>
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
ListClaimMappings Dictionary<string, string>
Mappings of list claims (key) that will be copied to a metadata field (value).
NotBeforeLeeway string
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
OidcClientId string
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
OidcClientSecret string
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
OidcDisableUserinfo bool
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
OidcDiscoveryUrl string
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
OidcScopes List<string>
([]string: <optional>) - List of OIDC scopes.
SigningAlgs List<string>
([]string: <optional>) - A list of supported signing algorithms.
AllowedRedirectUris []string
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
BoundAudiences []string
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
BoundIssuers []string
([]string: <optional>) - The value against which to match the iss claim in a JWT.
ClaimMappings map[string]string
Mappings of claims (key) that will be copied to a metadata field (value).
ClockSkewLeeway string
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
DiscoveryCaPems []string
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
ExpirationLeeway string
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
JwksCaCert string
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
JwksUrl string
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
JwtValidationPubKeys []string
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
ListClaimMappings map[string]string
Mappings of list claims (key) that will be copied to a metadata field (value).
NotBeforeLeeway string
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
OidcClientId string
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
OidcClientSecret string
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
OidcDisableUserinfo bool
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
OidcDiscoveryUrl string
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
OidcScopes []string
([]string: <optional>) - List of OIDC scopes.
SigningAlgs []string
([]string: <optional>) - A list of supported signing algorithms.
allowedRedirectUris List<String>
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences List<String>
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
boundIssuers List<String>
([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings Map<String,String>
Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway String
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems List<String>
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway String
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert String
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl String
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys List<String>
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings Map<String,String>
Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway String
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId String
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret String
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
oidcDisableUserinfo Boolean
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl String
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes List<String>
([]string: <optional>) - List of OIDC scopes.
signingAlgs List<String>
([]string: <optional>) - A list of supported signing algorithms.
allowedRedirectUris string[]
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences string[]
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
boundIssuers string[]
([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings {[key: string]: string}
Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway string
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems string[]
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway string
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert string
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl string
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys string[]
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings {[key: string]: string}
Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway string
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId string
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret string
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
oidcDisableUserinfo boolean
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl string
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes string[]
([]string: <optional>) - List of OIDC scopes.
signingAlgs string[]
([]string: <optional>) - A list of supported signing algorithms.
allowed_redirect_uris Sequence[str]
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
bound_audiences Sequence[str]
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
bound_issuers Sequence[str]
([]string: <optional>) - The value against which to match the iss claim in a JWT.
claim_mappings Mapping[str, str]
Mappings of claims (key) that will be copied to a metadata field (value).
clock_skew_leeway str
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discovery_ca_pems Sequence[str]
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expiration_leeway str
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwks_ca_cert str
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwks_url str
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwt_validation_pub_keys Sequence[str]
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
list_claim_mappings Mapping[str, str]
Mappings of list claims (key) that will be copied to a metadata field (value).
not_before_leeway str
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidc_client_id str
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidc_client_secret str
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
oidc_disable_userinfo bool
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidc_discovery_url str
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidc_scopes Sequence[str]
([]string: <optional>) - List of OIDC scopes.
signing_algs Sequence[str]
([]string: <optional>) - A list of supported signing algorithms.
allowedRedirectUris List<String>
([]string: <optional>) - A list of allowed values that can be used for the redirect URI.
boundAudiences List<String>
([]string: <optional>) - List of aud (audience) claim values that are valid for login.
boundIssuers List<String>
([]string: <optional>) - The value against which to match the iss claim in a JWT.
claimMappings Map<String>
Mappings of claims (key) that will be copied to a metadata field (value).
clockSkewLeeway String
(string: <optional>) - Duration of leeway when validating all claims in the form of a time duration such as "5m" or "1h".
discoveryCaPems List<String>
([]string: <optional>) - PEM encoded CA certs for use by the TLS client used to talk with the OIDC Discovery URL.
expirationLeeway String
(string: <optional>) - Duration of leeway when validating expiration of a JWT in the form of a time duration such as "5m" or "1h".
jwksCaCert String
(string: <optional>) - PEM encoded CA cert for use by the TLS client used to talk with the JWKS server.
jwksUrl String
(string: <optional>) - JSON Web Key Sets url for authenticating signatures.
jwtValidationPubKeys List<String>
([]string: <optional>) - List of PEM-encoded public keys to use to authenticate signatures locally.
listClaimMappings Map<String>
Mappings of list claims (key) that will be copied to a metadata field (value).
notBeforeLeeway String
(string: <optional>) - Duration of leeway when validating not before values of a token in the form of a time duration such as "5m" or "1h".
oidcClientId String
(string: <optional>) - The OAuth Client ID configured with the OIDC provider.
oidcClientSecret String
(string: <optional>) - The OAuth Client Secret configured with the OIDC provider. This is a credential: supply it as a secret value rather than as a literal in program source.
oidcDisableUserinfo Boolean
(bool: false) - When set to true, Nomad will not make a request to the identity provider to get OIDC UserInfo. You may wish to set this if your identity provider doesn't send any additional claims from the UserInfo endpoint.
oidcDiscoveryUrl String
(string: <optional>) - The OIDC Discovery URL, without any .well-known component (base path).
oidcScopes List<String>
([]string: <optional>) - List of OIDC scopes.
signingAlgs List<String>
([]string: <optional>) - A list of supported signing algorithms.

Package Details

Repository
HashiCorp Nomad pulumi/pulumi-nomad
License
Apache-2.0
Notes
This Pulumi package is based on the nomad Terraform Provider.