@pulumiverse/fortios

A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0

import * as pulumi from "@pulumi/pulumi";
/**
 * SAML server entry configuration. Applies to FortiOS Version `>= 6.2.4`.
 *
 * The entry describes both ends of a SAML trust: `entityId`, `singleSignOnUrl`
 * and `singleLogoutUrl` are the service provider (SP) values, while the
 * properties prefixed with `idp` are the identity provider (IdP) values.
 *
 * Security-relevant settings to review before deploying:
 * - `digestMethod` is documented with a default of `sha1`; set `sha256`
 *   explicitly unless the IdP cannot process it.
 * - `clockTolerance` accepts 0 - 300 seconds; keep it as small as clock
 *   synchronisation between the device and the IdP allows.
 * - `idpCert` and `cert` refer to certificates by name; the values in the
 *   example below are sample values, not recommendations.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as fortios from "@pulumiverse/fortios";
 *
 * const tr3 = new fortios.user.Saml("tr3", {
 *     cert: "Fortinet_Factory",
 *     entityId: "https://1.1.1.1",
 *     idpCert: "cer11",
 *     idpEntityId: "https://1.1.1.1/acc",
 *     idpSingleLogoutUrl: "https://1.1.1.1/lo",
 *     idpSingleSignOnUrl: "https://1.1.1.1/sou",
 *     singleLogoutUrl: "https://1.1.1.1/logout",
 *     singleSignOnUrl: "https://1.1.1.1/sign",
 *     userName: "ad111",
 * });
 * ```
 *
 * ## Import
 *
 * User Saml can be imported using any of these accepted formats:
 *
 * ```sh
 * $ pulumi import fortios:user/saml:Saml labelname {{name}}
 * ```
 *
 * If you do not want to import arguments of block:
 *
 * $ export "FORTIOS_IMPORT_TABLE"="false"
 *
 * ```sh
 * $ pulumi import fortios:user/saml:Saml labelname {{name}}
 * ```
 *
 * $ unset "FORTIOS_IMPORT_TABLE"
 */
export declare class Saml extends pulumi.CustomResource {
    /**
     * Get an existing Saml resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlState, opts?: pulumi.CustomResourceOptions): Saml;
    /**
     * Returns true if the given object is an instance of Saml. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; it is declared as `any`, so no narrowing is required before the call.
     */
    static isInstance(obj: any): obj is Saml;
    /**
     * Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values: `enable`, `disable`.
     */
    readonly adfsClaim: pulumi.Output<string>;
    /**
     * URL to verify authentication. May be undefined when it was not set.
     */
    readonly authUrl: pulumi.Output<string | undefined>;
    /**
     * Certificate to sign SAML messages.
     */
    readonly cert: pulumi.Output<string>;
    /**
     * Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
     */
    readonly clockTolerance: pulumi.Output<number>;
    /**
     * Digest Method Algorithm. (default = sha1). Valid values: `sha1`, `sha256`.
     * SHA-1 is no longer considered collision-resistant; a value of `sha1` here is worth flagging in review.
     */
    readonly digestMethod: pulumi.Output<string>;
    /**
     * SP entity ID.
     */
    readonly entityId: pulumi.Output<string>;
    /**
     * Group claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    readonly groupClaimType: pulumi.Output<string>;
    /**
     * Group name in assertion statement.
     */
    readonly groupName: pulumi.Output<string>;
    /**
     * IDP Certificate name.
     */
    readonly idpCert: pulumi.Output<string>;
    /**
     * IDP entity ID.
     */
    readonly idpEntityId: pulumi.Output<string>;
    /**
     * IDP single logout url.
     */
    readonly idpSingleLogoutUrl: pulumi.Output<string>;
    /**
     * IDP single sign-on URL.
     */
    readonly idpSingleSignOnUrl: pulumi.Output<string>;
    /**
     * Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values: `enable`, `disable`.
     */
    readonly limitRelaystate: pulumi.Output<string>;
    /**
     * SAML server entry name.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values: `enable`, `disable`.
     */
    readonly reauth: pulumi.Output<string>;
    /**
     * SP single logout URL.
     */
    readonly singleLogoutUrl: pulumi.Output<string>;
    /**
     * SP single sign-on URL.
     */
    readonly singleSignOnUrl: pulumi.Output<string>;
    /**
     * User name claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    readonly userClaimType: pulumi.Output<string>;
    /**
     * User name in assertion statement.
     */
    readonly userName: pulumi.Output<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    readonly vdomparam: pulumi.Output<string>;
    /**
     * Create a Saml resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: SamlArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Saml resources.
 * Every property is optional.
 */
export interface SamlState {
    /**
     * Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values: `enable`, `disable`.
     */
    adfsClaim?: pulumi.Input<string>;
    /**
     * URL to verify authentication.
     */
    authUrl?: pulumi.Input<string>;
    /**
     * Certificate to sign SAML messages.
     */
    cert?: pulumi.Input<string>;
    /**
     * Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
     */
    clockTolerance?: pulumi.Input<number>;
    /**
     * Digest Method Algorithm. (default = sha1). Valid values: `sha1`, `sha256`.
     * SHA-1 is no longer considered collision-resistant; prefer `sha256` unless the IdP cannot process it.
     */
    digestMethod?: pulumi.Input<string>;
    /**
     * SP entity ID.
     */
    entityId?: pulumi.Input<string>;
    /**
     * Group claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    groupClaimType?: pulumi.Input<string>;
    /**
     * Group name in assertion statement.
     */
    groupName?: pulumi.Input<string>;
    /**
     * IDP Certificate name.
     */
    idpCert?: pulumi.Input<string>;
    /**
     * IDP entity ID.
     */
    idpEntityId?: pulumi.Input<string>;
    /**
     * IDP single logout url.
     */
    idpSingleLogoutUrl?: pulumi.Input<string>;
    /**
     * IDP single sign-on URL.
     */
    idpSingleSignOnUrl?: pulumi.Input<string>;
    /**
     * Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values: `enable`, `disable`.
     */
    limitRelaystate?: pulumi.Input<string>;
    /**
     * SAML server entry name.
     */
    name?: pulumi.Input<string>;
    /**
     * Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values: `enable`, `disable`.
     */
    reauth?: pulumi.Input<string>;
    /**
     * SP single logout URL.
     */
    singleLogoutUrl?: pulumi.Input<string>;
    /**
     * SP single sign-on URL.
     */
    singleSignOnUrl?: pulumi.Input<string>;
    /**
     * User name claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    userClaimType?: pulumi.Input<string>;
    /**
     * User name in assertion statement.
     */
    userName?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Saml resource.
 *
 * Required: `entityId`, `idpCert`, `idpEntityId`, `idpSingleSignOnUrl` and
 * `singleSignOnUrl`. Every other property is optional.
 */
export interface SamlArgs {
    /**
     * Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values: `enable`, `disable`.
     */
    adfsClaim?: pulumi.Input<string>;
    /**
     * URL to verify authentication.
     */
    authUrl?: pulumi.Input<string>;
    /**
     * Certificate to sign SAML messages.
     * NOTE(review): the usage example on the Saml class passes `Fortinet_Factory`, which appears to be a
     * factory-default certificate — confirm whether a deployment-specific certificate should be used instead.
     */
    cert?: pulumi.Input<string>;
    /**
     * Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance).
     * NOTE(review): presumably applied when checking assertion validity timestamps, so a larger value
     * widens the acceptance window — keep it as small as clock synchronisation allows.
     */
    clockTolerance?: pulumi.Input<number>;
    /**
     * Digest Method Algorithm. (default = sha1). Valid values: `sha1`, `sha256`.
     * SHA-1 is no longer considered collision-resistant; because the documented default is `sha1`,
     * set `sha256` explicitly unless the IdP cannot process it.
     */
    digestMethod?: pulumi.Input<string>;
    /**
     * SP entity ID. Required.
     */
    entityId: pulumi.Input<string>;
    /**
     * Group claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    groupClaimType?: pulumi.Input<string>;
    /**
     * Group name in assertion statement.
     */
    groupName?: pulumi.Input<string>;
    /**
     * IDP Certificate name. Required.
     * NOTE(review): presumably the certificate used to verify messages signed by the IdP — confirm it
     * names the IdP's current signing certificate.
     */
    idpCert: pulumi.Input<string>;
    /**
     * IDP entity ID. Required.
     */
    idpEntityId: pulumi.Input<string>;
    /**
     * IDP single logout url.
     */
    idpSingleLogoutUrl?: pulumi.Input<string>;
    /**
     * IDP single sign-on URL. Required.
     */
    idpSingleSignOnUrl: pulumi.Input<string>;
    /**
     * Enable/disable limiting of relay-state parameter when it exceeds SAML 2.0 specification limits (80 bytes). Valid values: `enable`, `disable`.
     */
    limitRelaystate?: pulumi.Input<string>;
    /**
     * SAML server entry name.
     */
    name?: pulumi.Input<string>;
    /**
     * Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values: `enable`, `disable`.
     */
    reauth?: pulumi.Input<string>;
    /**
     * SP single logout URL.
     */
    singleLogoutUrl?: pulumi.Input<string>;
    /**
     * SP single sign-on URL. Required.
     */
    singleSignOnUrl: pulumi.Input<string>;
    /**
     * User name claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`.
     */
    userClaimType?: pulumi.Input<string>;
    /**
     * User name in assertion statement.
     */
    userName?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}