pulumi-fusionauth
A Pulumi package for managing FusionAuth instances.
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* Pulumi custom resource describing a FusionAuth SAML v2 IdP-initiated identity provider.
*
* Properties that decide whose assertions are accepted and which user they map to:
* `keyId` names the key used to verify SAML responses; `linkingStrategy`, `emailClaim`,
* `uniqueIdClaim`, `usernameClaim` and `useNameForEmail` select the asserted value that
* ties a response to a FusionAuth user. Review changes to these with the same care as a
* credential change.
*
* NOTE(review): in an IdP-initiated flow the response is not preceded by a request from
* FusionAuth, so acceptance presumably rests on signature verification plus whatever
* `assertionConfiguration` enforces; its fields are declared in ./types/output and are
* not visible in this file.
*/
export declare class FusionAuthIdpSamlV2IdpInitiated extends pulumi.CustomResource {
/**
* Get an existing FusionAuthIdpSamlV2IdpInitiated resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The resource object for the existing identity provider.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FusionAuthIdpSamlV2IdpInitiatedState, opts?: pulumi.CustomResourceOptions): FusionAuthIdpSamlV2IdpInitiated;
/**
* Returns true if the given object is an instance of FusionAuthIdpSamlV2IdpInitiated. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
*/
static isInstance(obj: any): obj is FusionAuthIdpSamlV2IdpInitiated;
/**
* The configuration for each Application that the identity provider is enabled for.
*/
readonly applicationConfigurations: pulumi.Output<outputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration[] | undefined>;
/**
* The assertion configuration for the SAML v2 identity provider.
*
* NOTE(review): the shape of this type is defined in ./types/output and is not shown here; review it together
* with `keyId`, since both bear on which responses are accepted.
*/
readonly assertionConfiguration: pulumi.Output<outputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration | undefined>;
/**
* Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login
* an Event Log will be created.
*
* NOTE(review): one Event Log per login can expose details of the login being reconciled to anyone who can read
* the logs; confirm what is recorded and keep this off outside troubleshooting.
*/
readonly debug: pulumi.Output<boolean | undefined>;
/**
* The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely
* identify the user. If this is not set, the `useNameForEmail` flag must be true.
*
* The value comes from the identity provider's assertion, so it is only as trustworthy as that provider's control
* over the attribute.
*/
readonly emailClaim: pulumi.Output<string | undefined>;
/**
* Determines if this provider is enabled. If it is false then it will be disabled globally.
*/
readonly enabled: pulumi.Output<boolean | undefined>;
/**
* The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
*/
readonly idpId: pulumi.Output<string | undefined>;
/**
* The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1
* this value was required to be a URL.
*/
readonly issuer: pulumi.Output<string>;
/**
* The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the
* identity provider. This key must be a verification only key or certificate (meaning that it only has a public key
* component).
*
* This key is the trust anchor for the provider: responses are verified against it, so pointing `keyId` at a
* different key changes who can produce an accepted response.
*/
readonly keyId: pulumi.Output<string>;
/**
* The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
*/
readonly lambdaReconcileId: pulumi.Output<string | undefined>;
/**
* The linking strategy to use when creating the link between this Identity Provider and the user.
*
* The type is a plain string; the values named in this file are LinkByUsername and LinkByUsernameForExistingUser.
* NOTE(review): a strategy that links to an existing user by an asserted email or username lets the identity
* provider's assertion select that account; confirm the provider controls those attributes before using one.
*/
readonly linkingStrategy: pulumi.Output<string>;
/**
* The name of this SAML v2 identity provider. This is only used for display purposes.
*/
readonly name: pulumi.Output<string>;
/**
* The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
*/
readonly tenantConfigurations: pulumi.Output<outputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration[] | undefined>;
/**
* The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
* the `emailClaim` will be used when linking the user.
*/
readonly uniqueIdClaim: pulumi.Output<string | undefined>;
/**
* Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation
* processing. If this is false, then the `emailClaim` property must be set.
*/
readonly useNameForEmail: pulumi.Output<boolean | undefined>;
/**
* The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameID
* value will be used to link a user. This property is required when `linkingStrategy` is set to LinkByUsername or
* LinkByUsernameForExistingUser.
*/
readonly usernameClaim: pulumi.Output<string | undefined>;
/**
* Create a FusionAuthIdpSamlV2IdpInitiated resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: FusionAuthIdpSamlV2IdpInitiatedArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering FusionAuthIdpSamlV2IdpInitiated resources.
*
* Every property is optional here, including `issuer` and `keyId`, which the constructor arguments
* (FusionAuthIdpSamlV2IdpInitiatedArgs) require.
*/
export interface FusionAuthIdpSamlV2IdpInitiatedState {
/**
* The configuration for each Application that the identity provider is enabled for.
*/
applicationConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>[]>;
/**
* The assertion configuration for the SAML v2 identity provider.
*
* NOTE(review): the shape of this type is defined in ./types/input and is not shown here.
*/
assertionConfiguration?: pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration>;
/**
* Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login
* an Event Log will be created.
*
* NOTE(review): confirm what each Event Log records about the login and keep this off outside troubleshooting.
*/
debug?: pulumi.Input<boolean>;
/**
* The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely
* identify the user. If this is not set, the `useNameForEmail` flag must be true.
*/
emailClaim?: pulumi.Input<string>;
/**
* Determines if this provider is enabled. If it is false then it will be disabled globally.
*/
enabled?: pulumi.Input<boolean>;
/**
* The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
*/
idpId?: pulumi.Input<string>;
/**
* The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1
* this value was required to be a URL.
*/
issuer?: pulumi.Input<string>;
/**
* The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the
* identity provider. This key must be a verification only key or certificate (meaning that it only has a public key
* component).
*
* Responses are verified against this key, so it acts as the trust anchor for the provider.
*/
keyId?: pulumi.Input<string>;
/**
* The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
*/
lambdaReconcileId?: pulumi.Input<string>;
/**
* The linking strategy to use when creating the link between this Identity Provider and the user.
*
* The type is a plain string; the values named in this file are LinkByUsername and LinkByUsernameForExistingUser.
*/
linkingStrategy?: pulumi.Input<string>;
/**
* The name of this SAML v2 identity provider. This is only used for display purposes.
*/
name?: pulumi.Input<string>;
/**
* The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
*/
tenantConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>[]>;
/**
* The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
* the `emailClaim` will be used when linking the user.
*/
uniqueIdClaim?: pulumi.Input<string>;
/**
* Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation
* processing. If this is false, then the `emailClaim` property must be set.
*/
useNameForEmail?: pulumi.Input<boolean>;
/**
* The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameID
* value will be used to link a user. This property is required when `linkingStrategy` is set to LinkByUsername or
* LinkByUsernameForExistingUser.
*/
usernameClaim?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a FusionAuthIdpSamlV2IdpInitiated resource.
*
* `issuer` and `keyId` are the only required properties: the provider's EntityId and the key used to verify
* its SAML responses.
*/
export interface FusionAuthIdpSamlV2IdpInitiatedArgs {
/**
* The configuration for each Application that the identity provider is enabled for.
*/
applicationConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration>[]>;
/**
* The assertion configuration for the SAML v2 identity provider.
*
* NOTE(review): the shape of this type is defined in ./types/input and is not shown here; review it together
* with `keyId`, since both bear on which responses are accepted.
*/
assertionConfiguration?: pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration>;
/**
* Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login
* an Event Log will be created.
*
* NOTE(review): one Event Log per login can expose details of the login being reconciled to anyone who can read
* the logs; confirm what is recorded and keep this off outside troubleshooting.
*/
debug?: pulumi.Input<boolean>;
/**
* The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely
* identify the user. If this is not set, the `useNameForEmail` flag must be true.
*
* The value comes from the identity provider's assertion, so it is only as trustworthy as that provider's control
* over the attribute.
*/
emailClaim?: pulumi.Input<string>;
/**
* Determines if this provider is enabled. If it is false then it will be disabled globally.
*/
enabled?: pulumi.Input<boolean>;
/**
* The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
*/
idpId?: pulumi.Input<string>;
/**
* The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1
* this value was required to be a URL.
*/
issuer: pulumi.Input<string>;
/**
* The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the
* identity provider. This key must be a verification only key or certificate (meaning that it only has a public key
* component).
*
* This key is the trust anchor for the provider: responses are verified against it, so pointing `keyId` at a
* different key changes who can produce an accepted response.
*/
keyId: pulumi.Input<string>;
/**
* The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.
*/
lambdaReconcileId?: pulumi.Input<string>;
/**
* The linking strategy to use when creating the link between this Identity Provider and the user.
*
* The type is a plain string; the values named in this file are LinkByUsername and LinkByUsernameForExistingUser.
* NOTE(review): a strategy that links to an existing user by an asserted email or username lets the identity
* provider's assertion select that account; confirm the provider controls those attributes before using one.
*/
linkingStrategy?: pulumi.Input<string>;
/**
* The name of this SAML v2 identity provider. This is only used for display purposes.
*/
name?: pulumi.Input<string>;
/**
* The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
*/
tenantConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration>[]>;
/**
* The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,
* the `emailClaim` will be used when linking the user.
*/
uniqueIdClaim?: pulumi.Input<string>;
/**
* Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation
* processing. If this is false, then the `emailClaim` property must be set.
*/
useNameForEmail?: pulumi.Input<boolean>;
/**
* The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameID
* value will be used to link a user. This property is required when `linkingStrategy` is set to LinkByUsername or
* LinkByUsernameForExistingUser.
*/
usernameClaim?: pulumi.Input<string>;
}