UNPKG

@osmit-gmbh/pulumi-authentik

Version:

A Pulumi package for creating and managing authentik cloud resources.

236 lines (235 loc) 9.18 kB
import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as authentik from "@osmit-gmbh/pulumi-authentik"; * import * as authentik from "@pulumi/authentik"; * * // Create OAuth Source using an existing provider * const default-source-authentication = authentik.getFlow({ * slug: "default-source-authentication", * }); * const default-source-enrollment = authentik.getFlow({ * slug: "default-source-enrollment", * }); * const name = new authentik.SourceOauth("name", { * name: "discord", * slug: "discord", * authenticationFlow: default_source_authentication.then(default_source_authentication => default_source_authentication.id), * enrollmentFlow: default_source_enrollment.then(default_source_enrollment => default_source_enrollment.id), * providerType: "discord", * consumerKey: "foo", * consumerSecret: "bar", * }); * ``` */ export declare class SourceOauth extends pulumi.CustomResource { /** * Get an existing SourceOauth resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SourceOauthState, opts?: pulumi.CustomResourceOptions): SourceOauth; /** * Returns true if the given object is an instance of SourceOauth. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SourceOauth; /** * Only required for OAuth1. */ readonly accessTokenUrl: pulumi.Output<string | undefined>; readonly additionalScopes: pulumi.Output<string | undefined>; readonly authenticationFlow: pulumi.Output<string | undefined>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ readonly authorizationUrl: pulumi.Output<string | undefined>; readonly callbackUri: pulumi.Output<string>; readonly consumerKey: pulumi.Output<string>; readonly consumerSecret: pulumi.Output<string>; readonly enabled: pulumi.Output<boolean | undefined>; readonly enrollmentFlow: pulumi.Output<string | undefined>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ readonly groupMatchingMode: pulumi.Output<string | undefined>; readonly name: pulumi.Output<string>; /** * Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to * pass objects. */ readonly oidcJwks: pulumi.Output<string>; /** * Automatically configure JWKS if not specified by `oidcWellKnownUrl`. */ readonly oidcJwksUrl: pulumi.Output<string | undefined>; /** * Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with * `.well-known/openid-configuration`. */ readonly oidcWellKnownUrl: pulumi.Output<string | undefined>; /** * Allowed values: - `all` - `any` */ readonly policyEngineMode: pulumi.Output<string | undefined>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ readonly profileUrl: pulumi.Output<string | undefined>; /** * Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` - * `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter` */ readonly providerType: pulumi.Output<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ readonly requestTokenUrl: pulumi.Output<string | undefined>; readonly slug: pulumi.Output<string>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ readonly userMatchingMode: pulumi.Output<string | undefined>; readonly userPathTemplate: pulumi.Output<string | undefined>; readonly uuid: pulumi.Output<string>; /** * Create a SourceOauth resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SourceOauthArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SourceOauth resources. */ export interface SourceOauthState { /** * Only required for OAuth1. */ accessTokenUrl?: pulumi.Input<string>; additionalScopes?: pulumi.Input<string>; authenticationFlow?: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ authorizationUrl?: pulumi.Input<string>; callbackUri?: pulumi.Input<string>; consumerKey?: pulumi.Input<string>; consumerSecret?: pulumi.Input<string>; enabled?: pulumi.Input<boolean>; enrollmentFlow?: pulumi.Input<string>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ groupMatchingMode?: pulumi.Input<string>; name?: pulumi.Input<string>; /** * Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to * pass objects. */ oidcJwks?: pulumi.Input<string>; /** * Automatically configure JWKS if not specified by `oidcWellKnownUrl`. */ oidcJwksUrl?: pulumi.Input<string>; /** * Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with * `.well-known/openid-configuration`. */ oidcWellKnownUrl?: pulumi.Input<string>; /** * Allowed values: - `all` - `any` */ policyEngineMode?: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ profileUrl?: pulumi.Input<string>; /** * Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` - * `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter` */ providerType?: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ requestTokenUrl?: pulumi.Input<string>; slug?: pulumi.Input<string>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ userMatchingMode?: pulumi.Input<string>; userPathTemplate?: pulumi.Input<string>; uuid?: pulumi.Input<string>; } /** * The set of arguments for constructing a SourceOauth resource. */ export interface SourceOauthArgs { /** * Only required for OAuth1. */ accessTokenUrl?: pulumi.Input<string>; additionalScopes?: pulumi.Input<string>; authenticationFlow?: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ authorizationUrl?: pulumi.Input<string>; consumerKey: pulumi.Input<string>; consumerSecret: pulumi.Input<string>; enabled?: pulumi.Input<boolean>; enrollmentFlow?: pulumi.Input<string>; /** * Allowed values: - `identifier` - `nameLink` - `nameDeny` */ groupMatchingMode?: pulumi.Input<string>; name?: pulumi.Input<string>; /** * Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to * pass objects. */ oidcJwks?: pulumi.Input<string>; /** * Automatically configure JWKS if not specified by `oidcWellKnownUrl`. */ oidcJwksUrl?: pulumi.Input<string>; /** * Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with * `.well-known/openid-configuration`. */ oidcWellKnownUrl?: pulumi.Input<string>; /** * Allowed values: - `all` - `any` */ policyEngineMode?: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ profileUrl?: pulumi.Input<string>; /** * Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` - * `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter` */ providerType: pulumi.Input<string>; /** * Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set. */ requestTokenUrl?: pulumi.Input<string>; slug: pulumi.Input<string>; /** * Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny` */ userMatchingMode?: pulumi.Input<string>; userPathTemplate?: pulumi.Input<string>; uuid?: pulumi.Input<string>; }