pulumi-fusionauth
Version:
A Pulumi package for managing FusionAuth instances.
718 lines (717 loc) • 29.8 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* ## # Tenant Resource
*
* A FusionAuth Tenant is a named object that represents a discrete namespace for Users, Applications and Groups. A user is unique by email address or username within a tenant.
*
* Tenants may be useful to support a multi-tenant application where you wish to use a single instance of FusionAuth but require the ability to have duplicate users across the tenants in your own application. In this scenario a user may exist multiple times with the same email address and different passwords across tenants.
*
* Tenants may also be useful in a test or staging environment to allow multiple users to call APIs and create and modify users without possibility of collision.
*
* [Tenants API](https://fusionauth.io/docs/v1/tech/apis/tenants)
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fusionauth from "pulumi-fusionauth";
*
* const example = new fusionauth.FusionAuthTenant("example", {
* connectorPolicies: [{
* connectorId: "b57b3d0f-f7a4-4831-a838-549717362ea8",
* domains: ["*"],
* migrate: false,
* }],
* emailConfiguration: {
* forgotPasswordEmailTemplateId: fusionauth_email.ForgotPassword_Example.id,
* host: "smtp.sendgrid.net",
* password: "password",
* passwordlessEmailTemplateId: fusionauth_email.PasswordlessLogin_Example.id,
* port: 587,
* security: "TLS",
* setPasswordEmailTemplateId: fusionauth_email.SetupPassword_Example.id,
* username: "username",
* verifyEmail: true,
* verifyEmailWhenChanged: true,
* additionalHeaders: {
* HeaderName1: "HeaderValue1",
* HeaderName2: "HeaderValue2",
* },
* },
* eventConfigurations: [
* {
* enabled: false,
* event: "jwt.public-key.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "jwt.refresh-token.revoke",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "jwt.refresh",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.create",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.create.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.delete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.delete.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.add",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.add.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.remove",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.remove.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.member.update.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "group.update.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.action",
* transactionType: "None",
* },
* {
* event: "user.bulk.create",
* enabled: false,
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.create",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.create.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.deactivate",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.delete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.delete.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.email.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.email.verified",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.identity-provider.link",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.identity-provider.unlink",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.loginId.duplicate.create",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.loginId.duplicate.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.login.failed",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.login.new-device",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.login.success",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.login.suspicious",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.password.breach",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.password.reset.send",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.password.reset.start",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.password.reset.success",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.password.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.reactivate",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.create",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.create.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.delete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.delete.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.update.complete",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.registration.verified",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.two-factor.method.add",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.two-factor.method.remove",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.update",
* transactionType: "None",
* },
* {
* enabled: false,
* event: "user.update.complete",
* transactionType: "None",
* },
* ],
* externalIdentifierConfiguration: {
* authorizationGrantIdTimeToLiveInSeconds: 30,
* changePasswordIdGenerator: {
* length: 32,
* type: "randomBytes",
* },
* changePasswordIdTimeToLiveInSeconds: 600,
* deviceCodeTimeToLiveInSeconds: 1800,
* deviceUserCodeIdGenerator: {
* length: 6,
* type: "randomAlphaNumeric",
* },
* emailVerificationIdGenerator: {
* length: 32,
* type: "randomBytes",
* },
* emailVerificationIdTimeToLiveInSeconds: 86400,
* emailVerificationOneTimeCodeGenerator: {
* length: 6,
* type: "randomAlphaNumeric",
* },
* externalAuthenticationIdTimeToLiveInSeconds: 300,
* loginIntentTimeToLiveInSeconds: 1800,
* oneTimePasswordTimeToLiveInSeconds: 60,
* passwordlessLoginGenerator: {
* length: 32,
* type: "randomBytes",
* },
* passwordlessLoginTimeToLiveInSeconds: 600,
* registrationVerificationIdGenerator: {
* length: 32,
* type: "randomBytes",
* },
* registrationVerificationIdTimeToLiveInSeconds: 86400,
* registrationVerificationOneTimeCodeGenerator: {
* length: 6,
* type: "randomAlphaNumeric",
* },
* samlV2AuthnRequestIdTtlSeconds: 300,
* setupPasswordIdGenerator: {
* length: 32,
* type: "randomBytes",
* },
* setupPasswordIdTimeToLiveInSeconds: 86400,
* twoFactorIdTimeToLiveInSeconds: 300,
* twoFactorOneTimeCodeIdGenerator: {
* length: 6,
* type: "randomDigits",
* },
* twoFactorOneTimeCodeIdTimeToLiveInSeconds: 60,
* twoFactorTrustIdTimeToLiveInSeconds: 2592000,
* },
* failedAuthenticationConfiguration: {
* actionDuration: 3,
* actionDurationUnit: "MINUTES",
* resetCountInSeconds: 60,
* tooManyAttempts: 5,
* },
* familyConfiguration: {
* allowChildRegistrations: true,
* deleteOrphanedAccounts: false,
* deleteOrphanedAccountsDays: 30,
* enabled: true,
* maximumChildAge: 12,
* minimumOwnerAge: 21,
* parentEmailRequired: false,
* },
* formConfiguration: {
* adminUserFormId: "e92751a5-25f4-4bca-ad91-66cdf67725d2",
* },
* httpSessionMaxInactiveInterval: 3600,
* issuer: "https://example.com",
* jwtConfigurations: [{
* accessTokenKeyId: fusionauth_key.accesstoken.id,
* idTokenKeyId: fusionauth_key.idtoken.id,
* refreshTokenTimeToLiveInMinutes: 43200,
* timeToLiveInSeconds: 3600,
* }],
* loginConfiguration: {
* requireAuthentication: true,
* },
* maximumPasswordAge: {
* days: 180,
* enabled: false,
* },
* minimumPasswordAge: {
* enabled: false,
* seconds: 30,
* },
* oauthConfigurations: [{
* clientCredentialsAccessTokenPopulateLambdaId: fusionauth_lambda.client_jwt_populate.id,
* }],
* passwordEncryptionConfigurations: [{
* encryptionScheme: "salted-pbkdf2-hmac-sha256",
* encryptionSchemeFactor: 24000,
* modifyEncryptionSchemeOnLogin: false,
* }],
* passwordValidationRules: {
* maxLength: 256,
* minLength: 7,
* rememberPreviousPasswords: {
* count: 1,
* enabled: false,
* },
* requiredMixedCase: false,
* requireNonAlpha: false,
* requireNumber: false,
* validateOnLogin: false,
* },
* rateLimitConfiguration: {
* failedLogin: {
* enabled: true,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* forgotPassword: {
* enabled: false,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* sendEmailVerification: {
* enabled: false,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* sendPasswordless: {
* enabled: false,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* sendRegistrationVerification: {
* enabled: false,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* sendTwoFactor: {
* enabled: false,
* limit: 5,
* timePeriodInSeconds: 60,
* },
* },
* registrationConfiguration: {
* blockedDomains: ["example.com"],
* },
* captchaConfiguration: {
* enabled: true,
* captchaMethod: "GoogleRecaptchaV3",
* siteKey: "captcha_site_key",
* secretKey: "captcha_secret_key",
* threshold: 0.5,
* },
* themeId: fusionauth_theme.example_theme.id,
* userDeletePolicy: {
* unverifiedEnabled: false,
* unverifiedNumberOfDaysToRetain: 30,
* },
* });
* ```
*/
export declare class FusionAuthTenant extends pulumi.CustomResource {
/**
* Get an existing FusionAuthTenant resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FusionAuthTenantState, opts?: pulumi.CustomResourceOptions): FusionAuthTenant;
/**
* Returns true if the given object is an instance of FusionAuthTenant. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is FusionAuthTenant;
readonly accessControlConfiguration: pulumi.Output<outputs.FusionAuthTenantAccessControlConfiguration | undefined>;
readonly captchaConfiguration: pulumi.Output<outputs.FusionAuthTenantCaptchaConfiguration>;
/**
* A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
*/
readonly connectorPolicies: pulumi.Output<outputs.FusionAuthTenantConnectorPolicy[]>;
/**
* An object that can hold any information about the Tenant that should be persisted.
*/
readonly data: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The email configuration for the tenant.
*/
readonly emailConfiguration: pulumi.Output<outputs.FusionAuthTenantEmailConfiguration | undefined>;
readonly eventConfigurations: pulumi.Output<outputs.FusionAuthTenantEventConfiguration[] | undefined>;
readonly externalIdentifierConfiguration: pulumi.Output<outputs.FusionAuthTenantExternalIdentifierConfiguration | undefined>;
readonly failedAuthenticationConfiguration: pulumi.Output<outputs.FusionAuthTenantFailedAuthenticationConfiguration>;
readonly familyConfiguration: pulumi.Output<outputs.FusionAuthTenantFamilyConfiguration>;
readonly formConfiguration: pulumi.Output<outputs.FusionAuthTenantFormConfiguration>;
/**
* Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
*/
readonly httpSessionMaxInactiveInterval: pulumi.Output<number | undefined>;
/**
* The named issuer used to sign tokens, this is generally your public fully qualified domain.
*/
readonly issuer: pulumi.Output<string>;
/**
* The JWT configuration for the tenant.
*/
readonly jwtConfigurations: pulumi.Output<outputs.FusionAuthTenantJwtConfiguration[] | undefined>;
/**
* Lamnda configuration for this tenant.
*/
readonly lambdaConfiguration: pulumi.Output<outputs.FusionAuthTenantLambdaConfiguration | undefined>;
readonly loginConfiguration: pulumi.Output<outputs.FusionAuthTenantLoginConfiguration | undefined>;
/**
* The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
*/
readonly logoutUrl: pulumi.Output<string | undefined>;
readonly maximumPasswordAge: pulumi.Output<outputs.FusionAuthTenantMaximumPasswordAge>;
readonly minimumPasswordAge: pulumi.Output<outputs.FusionAuthTenantMinimumPasswordAge>;
readonly multiFactorConfiguration: pulumi.Output<outputs.FusionAuthTenantMultiFactorConfiguration | undefined>;
/**
* The unique name of the Tenant.
*/
readonly name: pulumi.Output<string>;
readonly oauthConfigurations: pulumi.Output<outputs.FusionAuthTenantOauthConfiguration[] | undefined>;
readonly passwordEncryptionConfigurations: pulumi.Output<outputs.FusionAuthTenantPasswordEncryptionConfiguration[]>;
readonly passwordValidationRules: pulumi.Output<outputs.FusionAuthTenantPasswordValidationRules>;
readonly rateLimitConfiguration: pulumi.Output<outputs.FusionAuthTenantRateLimitConfiguration>;
readonly registrationConfiguration: pulumi.Output<outputs.FusionAuthTenantRegistrationConfiguration>;
readonly scimServerConfiguration: pulumi.Output<outputs.FusionAuthTenantScimServerConfiguration | undefined>;
/**
* The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
*/
readonly sourceTenantId: pulumi.Output<string | undefined>;
readonly ssoConfiguration: pulumi.Output<outputs.FusionAuthTenantSsoConfiguration | undefined>;
/**
* The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
*/
readonly tenantId: pulumi.Output<string>;
/**
* The unique Id of the theme to be used to style the login page and other end user templates.
*/
readonly themeId: pulumi.Output<string>;
readonly userDeletePolicy: pulumi.Output<outputs.FusionAuthTenantUserDeletePolicy>;
readonly usernameConfiguration: pulumi.Output<outputs.FusionAuthTenantUsernameConfiguration>;
/**
* The WebAuthn configuration for this tenant.
*/
readonly webauthnConfiguration: pulumi.Output<outputs.FusionAuthTenantWebauthnConfiguration | undefined>;
/**
* An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
*/
readonly webhookIds: pulumi.Output<string[] | undefined>;
/**
* Create a FusionAuthTenant resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: FusionAuthTenantArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering FusionAuthTenant resources.
*/
export interface FusionAuthTenantState {
accessControlConfiguration?: pulumi.Input<inputs.FusionAuthTenantAccessControlConfiguration>;
captchaConfiguration?: pulumi.Input<inputs.FusionAuthTenantCaptchaConfiguration>;
/**
* A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
*/
connectorPolicies?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantConnectorPolicy>[]>;
/**
* An object that can hold any information about the Tenant that should be persisted.
*/
data?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The email configuration for the tenant.
*/
emailConfiguration?: pulumi.Input<inputs.FusionAuthTenantEmailConfiguration>;
eventConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantEventConfiguration>[]>;
externalIdentifierConfiguration?: pulumi.Input<inputs.FusionAuthTenantExternalIdentifierConfiguration>;
failedAuthenticationConfiguration?: pulumi.Input<inputs.FusionAuthTenantFailedAuthenticationConfiguration>;
familyConfiguration?: pulumi.Input<inputs.FusionAuthTenantFamilyConfiguration>;
formConfiguration?: pulumi.Input<inputs.FusionAuthTenantFormConfiguration>;
/**
* Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
*/
httpSessionMaxInactiveInterval?: pulumi.Input<number>;
/**
* The named issuer used to sign tokens, this is generally your public fully qualified domain.
*/
issuer?: pulumi.Input<string>;
/**
* The JWT configuration for the tenant.
*/
jwtConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantJwtConfiguration>[]>;
/**
* Lamnda configuration for this tenant.
*/
lambdaConfiguration?: pulumi.Input<inputs.FusionAuthTenantLambdaConfiguration>;
loginConfiguration?: pulumi.Input<inputs.FusionAuthTenantLoginConfiguration>;
/**
* The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
*/
logoutUrl?: pulumi.Input<string>;
maximumPasswordAge?: pulumi.Input<inputs.FusionAuthTenantMaximumPasswordAge>;
minimumPasswordAge?: pulumi.Input<inputs.FusionAuthTenantMinimumPasswordAge>;
multiFactorConfiguration?: pulumi.Input<inputs.FusionAuthTenantMultiFactorConfiguration>;
/**
* The unique name of the Tenant.
*/
name?: pulumi.Input<string>;
oauthConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantOauthConfiguration>[]>;
passwordEncryptionConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantPasswordEncryptionConfiguration>[]>;
passwordValidationRules?: pulumi.Input<inputs.FusionAuthTenantPasswordValidationRules>;
rateLimitConfiguration?: pulumi.Input<inputs.FusionAuthTenantRateLimitConfiguration>;
registrationConfiguration?: pulumi.Input<inputs.FusionAuthTenantRegistrationConfiguration>;
scimServerConfiguration?: pulumi.Input<inputs.FusionAuthTenantScimServerConfiguration>;
/**
* The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
*/
sourceTenantId?: pulumi.Input<string>;
ssoConfiguration?: pulumi.Input<inputs.FusionAuthTenantSsoConfiguration>;
/**
* The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
*/
tenantId?: pulumi.Input<string>;
/**
* The unique Id of the theme to be used to style the login page and other end user templates.
*/
themeId?: pulumi.Input<string>;
userDeletePolicy?: pulumi.Input<inputs.FusionAuthTenantUserDeletePolicy>;
usernameConfiguration?: pulumi.Input<inputs.FusionAuthTenantUsernameConfiguration>;
/**
* The WebAuthn configuration for this tenant.
*/
webauthnConfiguration?: pulumi.Input<inputs.FusionAuthTenantWebauthnConfiguration>;
/**
* An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
*/
webhookIds?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
* The set of arguments for constructing a FusionAuthTenant resource.
*/
export interface FusionAuthTenantArgs {
accessControlConfiguration?: pulumi.Input<inputs.FusionAuthTenantAccessControlConfiguration>;
captchaConfiguration?: pulumi.Input<inputs.FusionAuthTenantCaptchaConfiguration>;
/**
* A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.
*/
connectorPolicies?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantConnectorPolicy>[]>;
/**
* An object that can hold any information about the Tenant that should be persisted.
*/
data?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The email configuration for the tenant.
*/
emailConfiguration?: pulumi.Input<inputs.FusionAuthTenantEmailConfiguration>;
eventConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantEventConfiguration>[]>;
externalIdentifierConfiguration?: pulumi.Input<inputs.FusionAuthTenantExternalIdentifierConfiguration>;
failedAuthenticationConfiguration?: pulumi.Input<inputs.FusionAuthTenantFailedAuthenticationConfiguration>;
familyConfiguration?: pulumi.Input<inputs.FusionAuthTenantFamilyConfiguration>;
formConfiguration?: pulumi.Input<inputs.FusionAuthTenantFormConfiguration>;
/**
* Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.
*/
httpSessionMaxInactiveInterval?: pulumi.Input<number>;
/**
* The named issuer used to sign tokens, this is generally your public fully qualified domain.
*/
issuer?: pulumi.Input<string>;
/**
* The JWT configuration for the tenant.
*/
jwtConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantJwtConfiguration>[]>;
/**
* Lamnda configuration for this tenant.
*/
lambdaConfiguration?: pulumi.Input<inputs.FusionAuthTenantLambdaConfiguration>;
loginConfiguration?: pulumi.Input<inputs.FusionAuthTenantLoginConfiguration>;
/**
* The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.
*/
logoutUrl?: pulumi.Input<string>;
maximumPasswordAge?: pulumi.Input<inputs.FusionAuthTenantMaximumPasswordAge>;
minimumPasswordAge?: pulumi.Input<inputs.FusionAuthTenantMinimumPasswordAge>;
multiFactorConfiguration?: pulumi.Input<inputs.FusionAuthTenantMultiFactorConfiguration>;
/**
* The unique name of the Tenant.
*/
name?: pulumi.Input<string>;
oauthConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantOauthConfiguration>[]>;
passwordEncryptionConfigurations?: pulumi.Input<pulumi.Input<inputs.FusionAuthTenantPasswordEncryptionConfiguration>[]>;
passwordValidationRules?: pulumi.Input<inputs.FusionAuthTenantPasswordValidationRules>;
rateLimitConfiguration?: pulumi.Input<inputs.FusionAuthTenantRateLimitConfiguration>;
registrationConfiguration?: pulumi.Input<inputs.FusionAuthTenantRegistrationConfiguration>;
scimServerConfiguration?: pulumi.Input<inputs.FusionAuthTenantScimServerConfiguration>;
/**
* The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.
*/
sourceTenantId?: pulumi.Input<string>;
ssoConfiguration?: pulumi.Input<inputs.FusionAuthTenantSsoConfiguration>;
/**
* The Id to use for the new Tenant. If not specified a secure random UUID will be generated.
*/
tenantId?: pulumi.Input<string>;
/**
* The unique Id of the theme to be used to style the login page and other end user templates.
*/
themeId?: pulumi.Input<string>;
userDeletePolicy?: pulumi.Input<inputs.FusionAuthTenantUserDeletePolicy>;
usernameConfiguration?: pulumi.Input<inputs.FusionAuthTenantUsernameConfiguration>;
/**
* The WebAuthn configuration for this tenant.
*/
webauthnConfiguration?: pulumi.Input<inputs.FusionAuthTenantWebauthnConfiguration>;
/**
* An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
*/
webhookIds?: pulumi.Input<pulumi.Input<string>[]>;
}