@osmit-gmbh/pulumi-authentik
Version:
A Pulumi package for creating and managing authentik cloud resources.
236 lines (235 loc) • 9.18 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as authentik from "@osmit-gmbh/pulumi-authentik";
* import * as authentik from "@pulumi/authentik";
*
* // Create OAuth Source using an existing provider
* const default-source-authentication = authentik.getFlow({
* slug: "default-source-authentication",
* });
* const default-source-enrollment = authentik.getFlow({
* slug: "default-source-enrollment",
* });
* const name = new authentik.SourceOauth("name", {
* name: "discord",
* slug: "discord",
* authenticationFlow: default_source_authentication.then(default_source_authentication => default_source_authentication.id),
* enrollmentFlow: default_source_enrollment.then(default_source_enrollment => default_source_enrollment.id),
* providerType: "discord",
* consumerKey: "foo",
* consumerSecret: "bar",
* });
* ```
*/
export declare class SourceOauth extends pulumi.CustomResource {
/**
* Get an existing SourceOauth resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SourceOauthState, opts?: pulumi.CustomResourceOptions): SourceOauth;
/**
* Returns true if the given object is an instance of SourceOauth. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is SourceOauth;
/**
* Only required for OAuth1.
*/
readonly accessTokenUrl: pulumi.Output<string | undefined>;
readonly additionalScopes: pulumi.Output<string | undefined>;
readonly authenticationFlow: pulumi.Output<string | undefined>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
readonly authorizationUrl: pulumi.Output<string | undefined>;
readonly callbackUri: pulumi.Output<string>;
readonly consumerKey: pulumi.Output<string>;
readonly consumerSecret: pulumi.Output<string>;
readonly enabled: pulumi.Output<boolean | undefined>;
readonly enrollmentFlow: pulumi.Output<string | undefined>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
readonly groupMatchingMode: pulumi.Output<string | undefined>;
readonly name: pulumi.Output<string>;
/**
* Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to
* pass objects.
*/
readonly oidcJwks: pulumi.Output<string>;
/**
* Automatically configure JWKS if not specified by `oidcWellKnownUrl`.
*/
readonly oidcJwksUrl: pulumi.Output<string | undefined>;
/**
* Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with
* `.well-known/openid-configuration`.
*/
readonly oidcWellKnownUrl: pulumi.Output<string | undefined>;
/**
* Allowed values: - `all` - `any`
*/
readonly policyEngineMode: pulumi.Output<string | undefined>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
readonly profileUrl: pulumi.Output<string | undefined>;
/**
* Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` -
* `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter`
*/
readonly providerType: pulumi.Output<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
readonly requestTokenUrl: pulumi.Output<string | undefined>;
readonly slug: pulumi.Output<string>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
readonly userMatchingMode: pulumi.Output<string | undefined>;
readonly userPathTemplate: pulumi.Output<string | undefined>;
readonly uuid: pulumi.Output<string>;
/**
* Create a SourceOauth resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: SourceOauthArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering SourceOauth resources.
*/
export interface SourceOauthState {
/**
* Only required for OAuth1.
*/
accessTokenUrl?: pulumi.Input<string>;
additionalScopes?: pulumi.Input<string>;
authenticationFlow?: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
authorizationUrl?: pulumi.Input<string>;
callbackUri?: pulumi.Input<string>;
consumerKey?: pulumi.Input<string>;
consumerSecret?: pulumi.Input<string>;
enabled?: pulumi.Input<boolean>;
enrollmentFlow?: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
groupMatchingMode?: pulumi.Input<string>;
name?: pulumi.Input<string>;
/**
* Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to
* pass objects.
*/
oidcJwks?: pulumi.Input<string>;
/**
* Automatically configure JWKS if not specified by `oidcWellKnownUrl`.
*/
oidcJwksUrl?: pulumi.Input<string>;
/**
* Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with
* `.well-known/openid-configuration`.
*/
oidcWellKnownUrl?: pulumi.Input<string>;
/**
* Allowed values: - `all` - `any`
*/
policyEngineMode?: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
profileUrl?: pulumi.Input<string>;
/**
* Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` -
* `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter`
*/
providerType?: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
requestTokenUrl?: pulumi.Input<string>;
slug?: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
userMatchingMode?: pulumi.Input<string>;
userPathTemplate?: pulumi.Input<string>;
uuid?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a SourceOauth resource.
*/
export interface SourceOauthArgs {
/**
* Only required for OAuth1.
*/
accessTokenUrl?: pulumi.Input<string>;
additionalScopes?: pulumi.Input<string>;
authenticationFlow?: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
authorizationUrl?: pulumi.Input<string>;
consumerKey: pulumi.Input<string>;
consumerSecret: pulumi.Input<string>;
enabled?: pulumi.Input<boolean>;
enrollmentFlow?: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `nameLink` - `nameDeny`
*/
groupMatchingMode?: pulumi.Input<string>;
name?: pulumi.Input<string>;
/**
* Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to
* pass objects.
*/
oidcJwks?: pulumi.Input<string>;
/**
* Automatically configure JWKS if not specified by `oidcWellKnownUrl`.
*/
oidcJwksUrl?: pulumi.Input<string>;
/**
* Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with
* `.well-known/openid-configuration`.
*/
oidcWellKnownUrl?: pulumi.Input<string>;
/**
* Allowed values: - `all` - `any`
*/
policyEngineMode?: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
profileUrl?: pulumi.Input<string>;
/**
* Allowed values: - `apple` - `openidconnect` - `azuread` - `discord` - `facebook` - `github` - `gitlab` - `google` -
* `mailcow` - `okta` - `patreon` - `reddit` - `twitch` - `twitter`
*/
providerType: pulumi.Input<string>;
/**
* Manually configure OAuth2 URLs when `oidcWellKnownUrl` is not set.
*/
requestTokenUrl?: pulumi.Input<string>;
slug: pulumi.Input<string>;
/**
* Allowed values: - `identifier` - `emailLink` - `emailDeny` - `usernameLink` - `usernameDeny`
*/
userMatchingMode?: pulumi.Input<string>;
userPathTemplate?: pulumi.Input<string>;
uuid?: pulumi.Input<string>;
}