AuthConfigAzureAd
Provides a Rancher v2 Auth Config AzureAD resource. This can be used to configure and enable Auth Config AzureAD for Rancher v2 RKE clusters and retrieve their information.
In addition to the built-in local auth, only one external auth config provider can be enabled at a time.
Example Usage
C#
using Pulumi;
using Rancher2 = Pulumi.Rancher2;

class MyStack : Stack
{
    public MyStack()
    {
        // Create a new rancher2 Auth Config AzureAD
        var azuread = new Rancher2.AuthConfigAzureAd("azuread", new Rancher2.AuthConfigAzureAdArgs
        {
            ApplicationId = "<AZUREAD_APP_ID>",
            ApplicationSecret = "<AZUREAD_APP_SECRET>",
            AuthEndpoint = "<AZUREAD_AUTH_ENDPOINT>",
            GraphEndpoint = "<AZUREAD_GRAPH_ENDPOINT>",
            RancherUrl = "<RANCHER_URL>",
            TenantId = "<AZUREAD_TENANT_ID>",
            TokenEndpoint = "<AZUREAD_TOKEN_ENDPOINT>",
        });
    }
}
Go
Coming soon!
Python
import pulumi
import pulumi_rancher2 as rancher2

# Create a new rancher2 Auth Config AzureAD
azuread = rancher2.AuthConfigAzureAd("azuread",
    application_id="<AZUREAD_APP_ID>",
    application_secret="<AZUREAD_APP_SECRET>",
    auth_endpoint="<AZUREAD_AUTH_ENDPOINT>",
    graph_endpoint="<AZUREAD_GRAPH_ENDPOINT>",
    rancher_url="<RANCHER_URL>",
    tenant_id="<AZUREAD_TENANT_ID>",
    token_endpoint="<AZUREAD_TOKEN_ENDPOINT>")

TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";

// Create a new rancher2 Auth Config AzureAD
const azuread = new rancher2.AuthConfigAzureAd("azuread", {
    applicationId: "<AZUREAD_APP_ID>",
    applicationSecret: "<AZUREAD_APP_SECRET>",
    authEndpoint: "<AZUREAD_AUTH_ENDPOINT>",
    graphEndpoint: "<AZUREAD_GRAPH_ENDPOINT>",
    rancherUrl: "<RANCHER_URL>",
    tenantId: "<AZUREAD_TENANT_ID>",
    tokenEndpoint: "<AZUREAD_TOKEN_ENDPOINT>",
});

Create an AuthConfigAzureAd Resource
TypeScript
new AuthConfigAzureAd(name: string, args: AuthConfigAzureAdArgs, opts?: CustomResourceOptions);
- name string
  The unique name of the resource.
- args AuthConfigAzureAdArgs
  The arguments to resource properties.
- opts CustomResourceOptions
  Bag of options to control resource's behavior.

Python
def AuthConfigAzureAd(resource_name, opts=None, access_mode=None, allowed_principal_ids=None, annotations=None, application_id=None, application_secret=None, auth_endpoint=None, enabled=None, endpoint=None, graph_endpoint=None, labels=None, rancher_url=None, tenant_id=None, token_endpoint=None, __props__=None);
- resource_name str
  The unique name of the resource.
- opts ResourceOptions
  A bag of options that control this resource's behavior.

Go
func NewAuthConfigAzureAd(ctx *Context, name string, args AuthConfigAzureAdArgs, opts ...ResourceOption) (*AuthConfigAzureAd, error)
- ctx Context
  Context object for the current deployment.
- name string
  The unique name of the resource.
- args AuthConfigAzureAdArgs
  The arguments to resource properties.
- opts ResourceOption
  Bag of options to control resource's behavior.

C#
public AuthConfigAzureAd(string name, AuthConfigAzureAdArgs args, CustomResourceOptions? opts = null)
- name string
  The unique name of the resource.
- args AuthConfigAzureAdArgs
  The arguments to resource properties.
- opts CustomResourceOptions
  Bag of options to control resource's behavior.
AuthConfigAzureAd Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The AuthConfigAzureAd resource accepts the following input properties:
C#
- ApplicationId string
  AzureAD auth application ID (string)
- ApplicationSecret string
  AzureAD auth application secret (string)
- AuthEndpoint string
  AzureAD auth endpoint (string)
- GraphEndpoint string
  AzureAD graph endpoint (string)
- RancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- TenantId string
  AzureAD tenant ID (string)
- TokenEndpoint string
  AzureAD token endpoint (string)
- AccessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- AllowedPrincipalIds List<string>
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- Annotations Dictionary<string, object>
  Annotations of the resource (map)
- Enabled bool
  Enable auth config provider. Default true (bool)
- Endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- Labels Dictionary<string, object>
  Labels of the resource (map)

Go
- ApplicationId string
  AzureAD auth application ID (string)
- ApplicationSecret string
  AzureAD auth application secret (string)
- AuthEndpoint string
  AzureAD auth endpoint (string)
- GraphEndpoint string
  AzureAD graph endpoint (string)
- RancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- TenantId string
  AzureAD tenant ID (string)
- TokenEndpoint string
  AzureAD token endpoint (string)
- AccessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- AllowedPrincipalIds []string
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- Annotations map[string]interface{}
  Annotations of the resource (map)
- Enabled bool
  Enable auth config provider. Default true (bool)
- Endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- Labels map[string]interface{}
  Labels of the resource (map)

TypeScript
- applicationId string
  AzureAD auth application ID (string)
- applicationSecret string
  AzureAD auth application secret (string)
- authEndpoint string
  AzureAD auth endpoint (string)
- graphEndpoint string
  AzureAD graph endpoint (string)
- rancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- tenantId string
  AzureAD tenant ID (string)
- tokenEndpoint string
  AzureAD token endpoint (string)
- accessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- allowedPrincipalIds string[]
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- annotations {[key: string]: any}
  Annotations of the resource (map)
- enabled boolean
  Enable auth config provider. Default true (bool)
- endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- labels {[key: string]: any}
  Labels of the resource (map)

Python
- application_id str
  AzureAD auth application ID (string)
- application_secret str
  AzureAD auth application secret (string)
- auth_endpoint str
  AzureAD auth endpoint (string)
- graph_endpoint str
  AzureAD graph endpoint (string)
- rancher_url str
  Rancher URL (string). “/verify-auth-azure”
- tenant_id str
  AzureAD tenant ID (string)
- token_endpoint str
  AzureAD token endpoint (string)
- access_mode str
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- allowed_principal_ids List[str]
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- annotations Dict[str, Any]
  Annotations of the resource (map)
- enabled bool
  Enable auth config provider. Default true (bool)
- endpoint str
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- labels Dict[str, Any]
  Labels of the resource (map)
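
A pre-deployment check for the access-control inputs documented above, added here as an example; it is not part of the Pulumi or rancher2 provider code. The function names, the finding messages and the rule that flags a literal application_secret are assumptions of this example.

```python
import re

ACCESS_MODES = ("required", "restricted", "unrestricted")
# Principal ID shapes follow the "Ex:" text in the allowed_principal_ids description.
PRINCIPAL_RE = re.compile(r"^azuread_(user|group)://[^\s/]+$")


def check_azuread_args(args):
    """Return findings for a dict of AuthConfigAzureAd keyword arguments."""
    findings = []
    mode = args.get("access_mode", "unrestricted")  # documented default
    principals = args.get("allowed_principal_ids") or []
    if mode not in ACCESS_MODES:
        findings.append(f"access_mode {mode!r} is not a supported value")
    elif mode == "unrestricted":
        findings.append("access_mode is unrestricted: logins are not limited to allowed_principal_ids")
    elif not principals:
        findings.append(f"access_mode {mode!r} requires allowed_principal_ids")
    for principal in principals:
        if not PRINCIPAL_RE.match(principal):
            findings.append(f"unexpected principal id format: {principal!r}")
    # Policy of this example: a str here means the secret is a literal in the
    # program; a Pulumi secret Output (e.g. from Config.require_secret) is not a str.
    if isinstance(args.get("application_secret"), str):
        findings.append("application_secret is a plain string, not a Pulumi secret")
    return findings


def deploy(args):
    """Create the resource only if every check passes (needs the Pulumi SDKs)."""
    findings = check_azuread_args(args)
    if findings:
        raise ValueError("; ".join(findings))
    import pulumi_rancher2 as rancher2  # lazy import: the checks above run offline
    return rancher2.AuthConfigAzureAd("azuread", **args)


if __name__ == "__main__":
    # Constructed sample: placeholder values, default access_mode, literal secret.
    weak = {"application_id": "<AZUREAD_APP_ID>",
            "application_secret": "<AZUREAD_APP_SECRET>"}
    for finding in check_azuread_args(weak):
        print("FINDING:", finding)
```

In a Pulumi program, pass application_secret as the value returned by pulumi.Config().require_secret(...) so it is encrypted in state and passes the last check.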
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthConfigAzureAd resource produces the following output properties:
Look up an Existing AuthConfigAzureAd Resource
Get an existing AuthConfigAzureAd resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
TypeScript
public static get(name: string, id: Input<ID>, state?: AuthConfigAzureAdState, opts?: CustomResourceOptions): AuthConfigAzureAd
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to lookup.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.

Python
static get(resource_name, id, opts=None, access_mode=None, allowed_principal_ids=None, annotations=None, application_id=None, application_secret=None, auth_endpoint=None, enabled=None, endpoint=None, graph_endpoint=None, labels=None, name=None, rancher_url=None, tenant_id=None, token_endpoint=None, type=None, __props__=None);
- resource_name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to lookup.

Go
func GetAuthConfigAzureAd(ctx *Context, name string, id IDInput, state *AuthConfigAzureAdState, opts ...ResourceOption) (*AuthConfigAzureAd, error)
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to lookup.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.

C#
public static AuthConfigAzureAd Get(string name, Input<string> id, AuthConfigAzureAdState? state, CustomResourceOptions? opts = null)
- name
  The unique name of the resulting resource.
- id
  The unique provider ID of the resource to lookup.
- state
  Any extra arguments used during the lookup.
- opts
  A bag of options that control this resource's behavior.
The following state arguments are supported:
C#
- AccessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- AllowedPrincipalIds List<string>
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- Annotations Dictionary<string, object>
  Annotations of the resource (map)
- ApplicationId string
  AzureAD auth application ID (string)
- ApplicationSecret string
  AzureAD auth application secret (string)
- AuthEndpoint string
  AzureAD auth endpoint (string)
- Enabled bool
  Enable auth config provider. Default true (bool)
- Endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- GraphEndpoint string
  AzureAD graph endpoint (string)
- Labels Dictionary<string, object>
  Labels of the resource (map)
- Name string
  (Computed) The name of the resource (string)
- RancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- TenantId string
  AzureAD tenant ID (string)
- TokenEndpoint string
  AzureAD token endpoint (string)
- Type string
  (Computed) The type of the resource (string)

Go
- AccessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- AllowedPrincipalIds []string
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- Annotations map[string]interface{}
  Annotations of the resource (map)
- ApplicationId string
  AzureAD auth application ID (string)
- ApplicationSecret string
  AzureAD auth application secret (string)
- AuthEndpoint string
  AzureAD auth endpoint (string)
- Enabled bool
  Enable auth config provider. Default true (bool)
- Endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- GraphEndpoint string
  AzureAD graph endpoint (string)
- Labels map[string]interface{}
  Labels of the resource (map)
- Name string
  (Computed) The name of the resource (string)
- RancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- TenantId string
  AzureAD tenant ID (string)
- TokenEndpoint string
  AzureAD token endpoint (string)
- Type string
  (Computed) The type of the resource (string)

TypeScript
- accessMode string
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- allowedPrincipalIds string[]
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- annotations {[key: string]: any}
  Annotations of the resource (map)
- applicationId string
  AzureAD auth application ID (string)
- applicationSecret string
  AzureAD auth application secret (string)
- authEndpoint string
  AzureAD auth endpoint (string)
- enabled boolean
  Enable auth config provider. Default true (bool)
- endpoint string
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- graphEndpoint string
  AzureAD graph endpoint (string)
- labels {[key: string]: any}
  Labels of the resource (map)
- name string
  (Computed) The name of the resource (string)
- rancherUrl string
  Rancher URL (string). “/verify-auth-azure”
- tenantId string
  AzureAD tenant ID (string)
- tokenEndpoint string
  AzureAD token endpoint (string)
- type string
  (Computed) The type of the resource (string)

Python
- access_mode str
  Access mode for auth. required, restricted, unrestricted are supported. Default unrestricted (string)
- allowed_principal_ids List[str]
  Allowed principal ids for auth. Required if access_mode is required or restricted. Ex: azuread_user://<USER_ID> azuread_group://<GROUP_ID> (list)
- annotations Dict[str, Any]
  Annotations of the resource (map)
- application_id str
  AzureAD auth application ID (string)
- application_secret str
  AzureAD auth application secret (string)
- auth_endpoint str
  AzureAD auth endpoint (string)
- enabled bool
  Enable auth config provider. Default true (bool)
- endpoint str
  AzureAD endpoint. Default https://login.microsoftonline.com/ (string)
- graph_endpoint str
  AzureAD graph endpoint (string)
- labels Dict[str, Any]
  Labels of the resource (map)
- name str
  (Computed) The name of the resource (string)
- rancher_url str
  Rancher URL (string). “/verify-auth-azure”
- tenant_id str
  AzureAD tenant ID (string)
- token_endpoint str
  AzureAD token endpoint (string)
- type str
  (Computed) The type of the resource (string)
Package Details
- Repository: https://github.com/pulumi/pulumi-rancher2
- License: Apache-2.0
- Notes: This Pulumi package is based on the rancher2 Terraform Provider.