UNPKG

@osmit-gmbh/pulumi-authentik

Version:

A Pulumi package for creating and managing authentik cloud resources.

238 lines (237 loc) 8.55 kB
import * as pulumi from "@pulumi/pulumi"; export declare class SourceKerberos extends pulumi.CustomResource { /** * Get an existing SourceKerberos resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SourceKerberosState, opts?: pulumi.CustomResourceOptions): SourceKerberos; /** * Returns true if the given object is an instance of SourceKerberos. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SourceKerberos; readonly authenticationFlow: pulumi.Output<string | undefined>; readonly enabled: pulumi.Output<boolean | undefined>; readonly enrollmentFlow: pulumi.Output<string | undefined>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ readonly groupMatchingMode: pulumi.Output<string | undefined>; /** * Custom krb5.conf to use. Uses the system one by default */ readonly krb5Conf: pulumi.Output<string | undefined>; readonly name: pulumi.Output<string>; /** * If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend */ readonly passwordLoginUpdateInternalPassword: pulumi.Output<boolean | undefined>; /** * Allowed values: - `all` - `any` */ readonly policyEngineMode: pulumi.Output<string | undefined>; /** * Kerberos realm */ readonly realm: pulumi.Output<string>; readonly slug: pulumi.Output<string>; /** * Credential cache to use for SPNEGO in form type:residual */ readonly spnegoCcache: pulumi.Output<string | undefined>; /** * SPNEGO keytab base64-encoded or path to keytab in the form FILE:path */ readonly spnegoKeytab: pulumi.Output<string | undefined>; /** * Force the use of a specific server name for SPNEGO */ readonly spnegoServerName: pulumi.Output<string | undefined>; /** * Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual */ readonly syncCcache: pulumi.Output<string | undefined>; /** * Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual */ readonly syncKeytab: pulumi.Output<string | undefined>; /** * Password to authenticate to kadmin for sync */ readonly syncPassword: pulumi.Output<string | undefined>; /** * Principal to authenticate to kadmin for sync. */ readonly syncPrincipal: pulumi.Output<string | undefined>; /** * Sync users from Kerberos into authentik */ readonly syncUsers: pulumi.Output<boolean | undefined>; /** * When a user changes their password, sync it back to Kerberos */ readonly syncUsersPassword: pulumi.Output<boolean | undefined>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ readonly userMatchingMode: pulumi.Output<string | undefined>; readonly userPathTemplate: pulumi.Output<string | undefined>; readonly uuid: pulumi.Output<string>; /** * Create a SourceKerberos resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SourceKerberosArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SourceKerberos resources. */ export interface SourceKerberosState { authenticationFlow?: pulumi.Input<string>; enabled?: pulumi.Input<boolean>; enrollmentFlow?: pulumi.Input<string>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ groupMatchingMode?: pulumi.Input<string>; /** * Custom krb5.conf to use. Uses the system one by default */ krb5Conf?: pulumi.Input<string>; name?: pulumi.Input<string>; /** * If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend */ passwordLoginUpdateInternalPassword?: pulumi.Input<boolean>; /** * Allowed values: - `all` - `any` */ policyEngineMode?: pulumi.Input<string>; /** * Kerberos realm */ realm?: pulumi.Input<string>; slug?: pulumi.Input<string>; /** * Credential cache to use for SPNEGO in form type:residual */ spnegoCcache?: pulumi.Input<string>; /** * SPNEGO keytab base64-encoded or path to keytab in the form FILE:path */ spnegoKeytab?: pulumi.Input<string>; /** * Force the use of a specific server name for SPNEGO */ spnegoServerName?: pulumi.Input<string>; /** * Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual */ syncCcache?: pulumi.Input<string>; /** * Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual */ syncKeytab?: pulumi.Input<string>; /** * Password to authenticate to kadmin for sync */ syncPassword?: pulumi.Input<string>; /** * Principal to authenticate to kadmin for sync. */ syncPrincipal?: pulumi.Input<string>; /** * Sync users from Kerberos into authentik */ syncUsers?: pulumi.Input<boolean>; /** * When a user changes their password, sync it back to Kerberos */ syncUsersPassword?: pulumi.Input<boolean>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ userMatchingMode?: pulumi.Input<string>; userPathTemplate?: pulumi.Input<string>; uuid?: pulumi.Input<string>; } /** * The set of arguments for constructing a SourceKerberos resource. */ export interface SourceKerberosArgs { authenticationFlow?: pulumi.Input<string>; enabled?: pulumi.Input<boolean>; enrollmentFlow?: pulumi.Input<string>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ groupMatchingMode?: pulumi.Input<string>; /** * Custom krb5.conf to use. Uses the system one by default */ krb5Conf?: pulumi.Input<string>; name?: pulumi.Input<string>; /** * If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend */ passwordLoginUpdateInternalPassword?: pulumi.Input<boolean>; /** * Allowed values: - `all` - `any` */ policyEngineMode?: pulumi.Input<string>; /** * Kerberos realm */ realm: pulumi.Input<string>; slug: pulumi.Input<string>; /** * Credential cache to use for SPNEGO in form type:residual */ spnegoCcache?: pulumi.Input<string>; /** * SPNEGO keytab base64-encoded or path to keytab in the form FILE:path */ spnegoKeytab?: pulumi.Input<string>; /** * Force the use of a specific server name for SPNEGO */ spnegoServerName?: pulumi.Input<string>; /** * Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual */ syncCcache?: pulumi.Input<string>; /** * Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual */ syncKeytab?: pulumi.Input<string>; /** * Password to authenticate to kadmin for sync */ syncPassword?: pulumi.Input<string>; /** * Principal to authenticate to kadmin for sync. */ syncPrincipal?: pulumi.Input<string>; /** * Sync users from Kerberos into authentik */ syncUsers?: pulumi.Input<boolean>; /** * When a user changes their password, sync it back to Kerberos */ syncUsersPassword?: pulumi.Input<boolean>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ userMatchingMode?: pulumi.Input<string>; userPathTemplate?: pulumi.Input<string>; uuid?: pulumi.Input<string>; }