@osmit-gmbh/pulumi-authentik
Version:
A Pulumi package for creating and managing authentik cloud resources.
238 lines (237 loc) • 8.55 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
export declare class SourceKerberos extends pulumi.CustomResource {
/**
* Get an existing SourceKerberos resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SourceKerberosState, opts?: pulumi.CustomResourceOptions): SourceKerberos;
/**
* Returns true if the given object is an instance of SourceKerberos. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is SourceKerberos;
readonly authenticationFlow: pulumi.Output<string | undefined>;
readonly enabled: pulumi.Output<boolean | undefined>;
readonly enrollmentFlow: pulumi.Output<string | undefined>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
readonly groupMatchingMode: pulumi.Output<string | undefined>;
/**
* Custom krb5.conf to use. Uses the system one by default
*/
readonly krb5Conf: pulumi.Output<string | undefined>;
readonly name: pulumi.Output<string>;
/**
* If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend
*/
readonly passwordLoginUpdateInternalPassword: pulumi.Output<boolean | undefined>;
/**
* Allowed values: - `all` - `any`
*/
readonly policyEngineMode: pulumi.Output<string | undefined>;
/**
* Kerberos realm
*/
readonly realm: pulumi.Output<string>;
readonly slug: pulumi.Output<string>;
/**
* Credential cache to use for SPNEGO in form type:residual
*/
readonly spnegoCcache: pulumi.Output<string | undefined>;
/**
* SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
*/
readonly spnegoKeytab: pulumi.Output<string | undefined>;
/**
* Force the use of a specific server name for SPNEGO
*/
readonly spnegoServerName: pulumi.Output<string | undefined>;
/**
* Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
*/
readonly syncCcache: pulumi.Output<string | undefined>;
/**
* Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
*/
readonly syncKeytab: pulumi.Output<string | undefined>;
/**
* Password to authenticate to kadmin for sync
*/
readonly syncPassword: pulumi.Output<string | undefined>;
/**
* Principal to authenticate to kadmin for sync.
*/
readonly syncPrincipal: pulumi.Output<string | undefined>;
/**
* Sync users from Kerberos into authentik
*/
readonly syncUsers: pulumi.Output<boolean | undefined>;
/**
* When a user changes their password, sync it back to Kerberos
*/
readonly syncUsersPassword: pulumi.Output<boolean | undefined>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
readonly userMatchingMode: pulumi.Output<string | undefined>;
readonly userPathTemplate: pulumi.Output<string | undefined>;
readonly uuid: pulumi.Output<string>;
/**
* Create a SourceKerberos resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: SourceKerberosArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering SourceKerberos resources.
*/
export interface SourceKerberosState {
authenticationFlow?: pulumi.Input<string>;
enabled?: pulumi.Input<boolean>;
enrollmentFlow?: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
groupMatchingMode?: pulumi.Input<string>;
/**
* Custom krb5.conf to use. Uses the system one by default
*/
krb5Conf?: pulumi.Input<string>;
name?: pulumi.Input<string>;
/**
* If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend
*/
passwordLoginUpdateInternalPassword?: pulumi.Input<boolean>;
/**
* Allowed values: - `all` - `any`
*/
policyEngineMode?: pulumi.Input<string>;
/**
* Kerberos realm
*/
realm?: pulumi.Input<string>;
slug?: pulumi.Input<string>;
/**
* Credential cache to use for SPNEGO in form type:residual
*/
spnegoCcache?: pulumi.Input<string>;
/**
* SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
*/
spnegoKeytab?: pulumi.Input<string>;
/**
* Force the use of a specific server name for SPNEGO
*/
spnegoServerName?: pulumi.Input<string>;
/**
* Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
*/
syncCcache?: pulumi.Input<string>;
/**
* Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
*/
syncKeytab?: pulumi.Input<string>;
/**
* Password to authenticate to kadmin for sync
*/
syncPassword?: pulumi.Input<string>;
/**
* Principal to authenticate to kadmin for sync.
*/
syncPrincipal?: pulumi.Input<string>;
/**
* Sync users from Kerberos into authentik
*/
syncUsers?: pulumi.Input<boolean>;
/**
* When a user changes their password, sync it back to Kerberos
*/
syncUsersPassword?: pulumi.Input<boolean>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
userMatchingMode?: pulumi.Input<string>;
userPathTemplate?: pulumi.Input<string>;
uuid?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a SourceKerberos resource.
*/
export interface SourceKerberosArgs {
authenticationFlow?: pulumi.Input<string>;
enabled?: pulumi.Input<boolean>;
enrollmentFlow?: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
groupMatchingMode?: pulumi.Input<string>;
/**
* Custom krb5.conf to use. Uses the system one by default
*/
krb5Conf?: pulumi.Input<string>;
name?: pulumi.Input<string>;
/**
* If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend
*/
passwordLoginUpdateInternalPassword?: pulumi.Input<boolean>;
/**
* Allowed values: - `all` - `any`
*/
policyEngineMode?: pulumi.Input<string>;
/**
* Kerberos realm
*/
realm: pulumi.Input<string>;
slug: pulumi.Input<string>;
/**
* Credential cache to use for SPNEGO in form type:residual
*/
spnegoCcache?: pulumi.Input<string>;
/**
* SPNEGO keytab base64-encoded or path to keytab in the form FILE:path
*/
spnegoKeytab?: pulumi.Input<string>;
/**
* Force the use of a specific server name for SPNEGO
*/
spnegoServerName?: pulumi.Input<string>;
/**
* Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual
*/
syncCcache?: pulumi.Input<string>;
/**
* Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual
*/
syncKeytab?: pulumi.Input<string>;
/**
* Password to authenticate to kadmin for sync
*/
syncPassword?: pulumi.Input<string>;
/**
* Principal to authenticate to kadmin for sync.
*/
syncPrincipal?: pulumi.Input<string>;
/**
* Sync users from Kerberos into authentik
*/
syncUsers?: pulumi.Input<boolean>;
/**
* When a user changes their password, sync it back to Kerberos
*/
syncUsersPassword?: pulumi.Input<boolean>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
userMatchingMode?: pulumi.Input<string>;
userPathTemplate?: pulumi.Input<string>;
uuid?: pulumi.Input<string>;
}