Docs Home
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud
opentelekomcloud.IdentityProtocolV3
Explore with Pulumi AI
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud
Up-to-date reference of API arguments for IAM protocol you can get at documentation portal
Manages identity protocol resource providing binding between identity provider and identity mappings.
You must have security admin privileges in your OpenTelekomCloud cloud to use this resource. Please refer to User Management Model.
Example Usage
Basic SAML example
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
const provider = new opentelekomcloud.IdentityProviderV3("provider", {
description: "This is simple identity provider",
enabled: true,
});
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
mappingId: "ACME",
rules: fs.readFileSync("./rules.json", "utf8"),
});
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
protocol: "saml",
providerId: provider.identityProviderV3Id,
mappingId: mapping.identityMappingV3Id,
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud
provider = opentelekomcloud.IdentityProviderV3("provider",
description="This is simple identity provider",
enabled=True)
mapping = opentelekomcloud.IdentityMappingV3("mapping",
mapping_id="ACME",
rules=(lambda path: open(path).read())("./rules.json"))
saml = opentelekomcloud.IdentityProtocolV3("saml",
protocol="saml",
provider_id=provider.identity_provider_v3_id,
mapping_id=mapping.identity_mapping_v3_id)
package main
import (
"os"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
Description: pulumi.String("This is simple identity provider"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
MappingId: pulumi.String("ACME"),
Rules: pulumi.String(readFileOrPanic("./rules.json")),
})
if err != nil {
return err
}
_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
Protocol: pulumi.String("saml"),
ProviderId: provider.IdentityProviderV3Id,
MappingId: mapping.IdentityMappingV3Id,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
{
Description = "This is simple identity provider",
Enabled = true,
});
var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
{
MappingId = "ACME",
Rules = File.ReadAllText("./rules.json"),
});
var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
{
Protocol = "saml",
ProviderId = provider.IdentityProviderV3Id,
MappingId = mapping.IdentityMappingV3Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
.description("This is simple identity provider")
.enabled(true)
.build());
var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
.mappingId("ACME")
.rules(Files.readString(Paths.get("./rules.json")))
.build());
var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
.protocol("saml")
.providerId(provider.identityProviderV3Id())
.mappingId(mapping.identityMappingV3Id())
.build());
}
}
resources:
provider:
type: opentelekomcloud:IdentityProviderV3
properties:
description: This is simple identity provider
enabled: true
mapping:
type: opentelekomcloud:IdentityMappingV3
properties:
mappingId: ACME
rules:
fn::readFile: ./rules.json
saml:
type: opentelekomcloud:IdentityProtocolV3
properties:
protocol: saml
providerId: ${provider.identityProviderV3Id}
mappingId: ${mapping.identityMappingV3Id}
Basic OIDC example
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
const provider = new opentelekomcloud.IdentityProviderV3("provider", {
description: "This is simple identity provider",
enabled: true,
});
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
mappingId: "ACME",
rules: fs.readFileSync("./rules.json", "utf8"),
});
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
protocol: "oidc",
providerId: provider.identityProviderV3Id,
mappingId: mapping.identityMappingV3Id,
accessConfig: {
accessType: "program_console",
providerUrl: "https://accounts.example.com",
clientId: "your_client_id",
authorizationEndpoint: "https://accounts.example.com/o/oauth2/v2/auth",
scopes: ["openid"],
responseType: "id_token",
responseMode: "fragment",
signingKey: JSON.stringify({
keys: [{
alg: "RS256",
e: "AQAB",
kid: "...",
kty: "RSA",
n: "...",
use: "sig",
}],
}),
},
});
import pulumi
import json
import pulumi_opentelekomcloud as opentelekomcloud
provider = opentelekomcloud.IdentityProviderV3("provider",
description="This is simple identity provider",
enabled=True)
mapping = opentelekomcloud.IdentityMappingV3("mapping",
mapping_id="ACME",
rules=(lambda path: open(path).read())("./rules.json"))
saml = opentelekomcloud.IdentityProtocolV3("saml",
protocol="oidc",
provider_id=provider.identity_provider_v3_id,
mapping_id=mapping.identity_mapping_v3_id,
access_config={
"access_type": "program_console",
"provider_url": "https://accounts.example.com",
"client_id": "your_client_id",
"authorization_endpoint": "https://accounts.example.com/o/oauth2/v2/auth",
"scopes": ["openid"],
"response_type": "id_token",
"response_mode": "fragment",
"signing_key": json.dumps({
"keys": [{
"alg": "RS256",
"e": "AQAB",
"kid": "...",
"kty": "RSA",
"n": "...",
"use": "sig",
}],
}),
})
package main
import (
"encoding/json"
"os"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
Description: pulumi.String("This is simple identity provider"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
MappingId: pulumi.String("ACME"),
Rules: pulumi.String(readFileOrPanic("./rules.json")),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"keys": []map[string]interface{}{
map[string]interface{}{
"alg": "RS256",
"e": "AQAB",
"kid": "...",
"kty": "RSA",
"n": "...",
"use": "sig",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
Protocol: pulumi.String("oidc"),
ProviderId: provider.IdentityProviderV3Id,
MappingId: mapping.IdentityMappingV3Id,
AccessConfig: &opentelekomcloud.IdentityProtocolV3AccessConfigArgs{
AccessType: pulumi.String("program_console"),
ProviderUrl: pulumi.String("https://accounts.example.com"),
ClientId: pulumi.String("your_client_id"),
AuthorizationEndpoint: pulumi.String("https://accounts.example.com/o/oauth2/v2/auth"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
},
ResponseType: pulumi.String("id_token"),
ResponseMode: pulumi.String("fragment"),
SigningKey: pulumi.String(json0),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
{
Description = "This is simple identity provider",
Enabled = true,
});
var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
{
MappingId = "ACME",
Rules = File.ReadAllText("./rules.json"),
});
var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
{
Protocol = "oidc",
ProviderId = provider.IdentityProviderV3Id,
MappingId = mapping.IdentityMappingV3Id,
AccessConfig = new Opentelekomcloud.Inputs.IdentityProtocolV3AccessConfigArgs
{
AccessType = "program_console",
ProviderUrl = "https://accounts.example.com",
ClientId = "your_client_id",
AuthorizationEndpoint = "https://accounts.example.com/o/oauth2/v2/auth",
Scopes = new[]
{
"openid",
},
ResponseType = "id_token",
ResponseMode = "fragment",
SigningKey = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["keys"] = new[]
{
new Dictionary<string, object?>
{
["alg"] = "RS256",
["e"] = "AQAB",
["kid"] = "...",
["kty"] = "RSA",
["n"] = "...",
["use"] = "sig",
},
},
}),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import com.pulumi.opentelekomcloud.inputs.IdentityProtocolV3AccessConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
.description("This is simple identity provider")
.enabled(true)
.build());
var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
.mappingId("ACME")
.rules(Files.readString(Paths.get("./rules.json")))
.build());
var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
.protocol("oidc")
.providerId(provider.identityProviderV3Id())
.mappingId(mapping.identityMappingV3Id())
.accessConfig(IdentityProtocolV3AccessConfigArgs.builder()
.accessType("program_console")
.providerUrl("https://accounts.example.com")
.clientId("your_client_id")
.authorizationEndpoint("https://accounts.example.com/o/oauth2/v2/auth")
.scopes("openid")
.responseType("id_token")
.responseMode("fragment")
.signingKey(serializeJson(
jsonObject(
jsonProperty("keys", jsonArray(jsonObject(
jsonProperty("alg", "RS256"),
jsonProperty("e", "AQAB"),
jsonProperty("kid", "..."),
jsonProperty("kty", "RSA"),
jsonProperty("n", "..."),
jsonProperty("use", "sig")
)))
)))
.build())
.build());
}
}
resources:
provider:
type: opentelekomcloud:IdentityProviderV3
properties:
description: This is simple identity provider
enabled: true
mapping:
type: opentelekomcloud:IdentityMappingV3
properties:
mappingId: ACME
rules:
fn::readFile: ./rules.json
saml:
type: opentelekomcloud:IdentityProtocolV3
properties:
protocol: oidc
providerId: ${provider.identityProviderV3Id}
mappingId: ${mapping.identityMappingV3Id}
accessConfig:
accessType: program_console
providerUrl: https://accounts.example.com
clientId: your_client_id
authorizationEndpoint: https://accounts.example.com/o/oauth2/v2/auth
scopes:
- openid
responseType: id_token
responseMode: fragment
signingKey:
fn::toJSON:
keys:
- alg: RS256
e: AQAB
kid: '...'
kty: RSA
n: '...'
use: sig
Import SAML metadata file
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
const provider = new opentelekomcloud.IdentityProviderV3("provider", {
description: "This is simple identity provider",
enabled: true,
});
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
mappingId: "ACME",
rules: fs.readFileSync("./rules.json", "utf8"),
});
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
protocol: "saml",
providerId: provider.identityProviderV3Id,
mappingId: mapping.identityMappingV3Id,
metadata: {
domainId: _var.domain_id,
metadata: fs.readFileSync("saml-metadata.xml", "utf8"),
},
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud
provider = opentelekomcloud.IdentityProviderV3("provider",
description="This is simple identity provider",
enabled=True)
mapping = opentelekomcloud.IdentityMappingV3("mapping",
mapping_id="ACME",
rules=(lambda path: open(path).read())("./rules.json"))
saml = opentelekomcloud.IdentityProtocolV3("saml",
protocol="saml",
provider_id=provider.identity_provider_v3_id,
mapping_id=mapping.identity_mapping_v3_id,
metadata={
"domain_id": var["domain_id"],
"metadata": (lambda path: open(path).read())("saml-metadata.xml"),
})
package main
import (
"os"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
Description: pulumi.String("This is simple identity provider"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
MappingId: pulumi.String("ACME"),
Rules: pulumi.String(readFileOrPanic("./rules.json")),
})
if err != nil {
return err
}
_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
Protocol: pulumi.String("saml"),
ProviderId: provider.IdentityProviderV3Id,
MappingId: mapping.IdentityMappingV3Id,
Metadata: &opentelekomcloud.IdentityProtocolV3MetadataArgs{
DomainId: pulumi.Any(_var.Domain_id),
Metadata: pulumi.String(readFileOrPanic("saml-metadata.xml")),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
{
Description = "This is simple identity provider",
Enabled = true,
});
var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
{
MappingId = "ACME",
Rules = File.ReadAllText("./rules.json"),
});
var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
{
Protocol = "saml",
ProviderId = provider.IdentityProviderV3Id,
MappingId = mapping.IdentityMappingV3Id,
Metadata = new Opentelekomcloud.Inputs.IdentityProtocolV3MetadataArgs
{
DomainId = @var.Domain_id,
Metadata = File.ReadAllText("saml-metadata.xml"),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import com.pulumi.opentelekomcloud.inputs.IdentityProtocolV3MetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
.description("This is simple identity provider")
.enabled(true)
.build());
var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
.mappingId("ACME")
.rules(Files.readString(Paths.get("./rules.json")))
.build());
var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
.protocol("saml")
.providerId(provider.identityProviderV3Id())
.mappingId(mapping.identityMappingV3Id())
.metadata(IdentityProtocolV3MetadataArgs.builder()
.domainId(var_.domain_id())
.metadata(Files.readString(Paths.get("saml-metadata.xml")))
.build())
.build());
}
}
resources:
provider:
type: opentelekomcloud:IdentityProviderV3
properties:
description: This is simple identity provider
enabled: true
mapping:
type: opentelekomcloud:IdentityMappingV3
properties:
mappingId: ACME
rules:
fn::readFile: ./rules.json
saml:
type: opentelekomcloud:IdentityProtocolV3
properties:
protocol: saml
providerId: ${provider.identityProviderV3Id}
mappingId: ${mapping.identityMappingV3Id}
metadata:
domainId: ${var.domain_id}
metadata:
fn::readFile: saml-metadata.xml
Create IdentityProtocolV3 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdentityProtocolV3(name: string, args: IdentityProtocolV3Args, opts?: CustomResourceOptions);@overload
def IdentityProtocolV3(resource_name: str,
args: IdentityProtocolV3Args,
opts: Optional[ResourceOptions] = None)
@overload
def IdentityProtocolV3(resource_name: str,
opts: Optional[ResourceOptions] = None,
mapping_id: Optional[str] = None,
protocol: Optional[str] = None,
provider_id: Optional[str] = None,
access_config: Optional[IdentityProtocolV3AccessConfigArgs] = None,
identity_protocol_v3_id: Optional[str] = None,
metadata: Optional[IdentityProtocolV3MetadataArgs] = None)func NewIdentityProtocolV3(ctx *Context, name string, args IdentityProtocolV3Args, opts ...ResourceOption) (*IdentityProtocolV3, error)public IdentityProtocolV3(string name, IdentityProtocolV3Args args, CustomResourceOptions? opts = null)public IdentityProtocolV3(String name, IdentityProtocolV3Args args)
public IdentityProtocolV3(String name, IdentityProtocolV3Args args, CustomResourceOptions options)
type: opentelekomcloud:IdentityProtocolV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityProtocolV3Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. IdentityProtocolV3Args - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityProtocolV3Args - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityProtocolV3Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. IdentityProtocolV3Args - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var identityProtocolV3Resource = new Opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource", new()
{
MappingId = "string",
Protocol = "string",
ProviderId = "string",
AccessConfig = new Opentelekomcloud.Inputs.IdentityProtocolV3AccessConfigArgs
{
AccessType = "string",
ClientId = "string",
ProviderUrl = "string",
SigningKey = "string",
AuthorizationEndpoint = "string",
ResponseMode = "string",
ResponseType = "string",
Scopes = new[]
{
"string",
},
},
IdentityProtocolV3Id = "string",
Metadata = new Opentelekomcloud.Inputs.IdentityProtocolV3MetadataArgs
{
DomainId = "string",
Metadata = "string",
XaccountType = "string",
},
});
example, err := opentelekomcloud.NewIdentityProtocolV3(ctx, "identityProtocolV3Resource", &opentelekomcloud.IdentityProtocolV3Args{
MappingId: pulumi.String("string"),
Protocol: pulumi.String("string"),
ProviderId: pulumi.String("string"),
AccessConfig: &opentelekomcloud.IdentityProtocolV3AccessConfigArgs{
AccessType: pulumi.String("string"),
ClientId: pulumi.String("string"),
ProviderUrl: pulumi.String("string"),
SigningKey: pulumi.String("string"),
AuthorizationEndpoint: pulumi.String("string"),
ResponseMode: pulumi.String("string"),
ResponseType: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
},
IdentityProtocolV3Id: pulumi.String("string"),
Metadata: &opentelekomcloud.IdentityProtocolV3MetadataArgs{
DomainId: pulumi.String("string"),
Metadata: pulumi.String("string"),
XaccountType: pulumi.String("string"),
},
})
var identityProtocolV3Resource = new IdentityProtocolV3("identityProtocolV3Resource", IdentityProtocolV3Args.builder()
.mappingId("string")
.protocol("string")
.providerId("string")
.accessConfig(IdentityProtocolV3AccessConfigArgs.builder()
.accessType("string")
.clientId("string")
.providerUrl("string")
.signingKey("string")
.authorizationEndpoint("string")
.responseMode("string")
.responseType("string")
.scopes("string")
.build())
.identityProtocolV3Id("string")
.metadata(IdentityProtocolV3MetadataArgs.builder()
.domainId("string")
.metadata("string")
.xaccountType("string")
.build())
.build());
identity_protocol_v3_resource = opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource",
mapping_id="string",
protocol="string",
provider_id="string",
access_config={
"access_type": "string",
"client_id": "string",
"provider_url": "string",
"signing_key": "string",
"authorization_endpoint": "string",
"response_mode": "string",
"response_type": "string",
"scopes": ["string"],
},
identity_protocol_v3_id="string",
metadata={
"domain_id": "string",
"metadata": "string",
"xaccount_type": "string",
})
const identityProtocolV3Resource = new opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource", {
mappingId: "string",
protocol: "string",
providerId: "string",
accessConfig: {
accessType: "string",
clientId: "string",
providerUrl: "string",
signingKey: "string",
authorizationEndpoint: "string",
responseMode: "string",
responseType: "string",
scopes: ["string"],
},
identityProtocolV3Id: "string",
metadata: {
domainId: "string",
metadata: "string",
xaccountType: "string",
},
});
type: opentelekomcloud:IdentityProtocolV3
properties:
accessConfig:
accessType: string
authorizationEndpoint: string
clientId: string
providerUrl: string
responseMode: string
responseType: string
scopes:
- string
signingKey: string
identityProtocolV3Id: string
mappingId: string
metadata:
domainId: string
metadata: string
xaccountType: string
protocol: string
providerId: string
IdentityProtocolV3 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdentityProtocolV3 resource accepts the following input properties:
- Mapping
Id This property is required. string - ID of an identity mapping.
- Protocol
This property is required. string - ID of a protocol. Changing this creates a new protocol.
- Provider
Id This property is required. string - ID of an identity provider. Changing this creates a new protocol.
- Access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Identity
Protocol stringV3Id - Metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- Mapping
Id This property is required. string - ID of an identity mapping.
- Protocol
This property is required. string - ID of a protocol. Changing this creates a new protocol.
- Provider
Id This property is required. string - ID of an identity provider. Changing this creates a new protocol.
- Access
Config IdentityProtocol V3Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Identity
Protocol stringV3Id - Metadata
Identity
Protocol V3Metadata Args - Metadata file configuration.
- mapping
Id This property is required. String - ID of an identity mapping.
- protocol
This property is required. String - ID of a protocol. Changing this creates a new protocol.
- provider
Id This property is required. String - ID of an identity provider. Changing this creates a new protocol.
- access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol StringV3Id - metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- mapping
Id This property is required. string - ID of an identity mapping.
- protocol
This property is required. string - ID of a protocol. Changing this creates a new protocol.
- provider
Id This property is required. string - ID of an identity provider. Changing this creates a new protocol.
- access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol stringV3Id - metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- mapping_
id This property is required. str - ID of an identity mapping.
- protocol
This property is required. str - ID of a protocol. Changing this creates a new protocol.
- provider_
id This property is required. str - ID of an identity provider. Changing this creates a new protocol.
- access_
config IdentityProtocol V3Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity_
protocol_ strv3_ id - metadata
Identity
Protocol V3Metadata Args - Metadata file configuration.
- mapping
Id This property is required. String - ID of an identity mapping.
- protocol
This property is required. String - ID of a protocol. Changing this creates a new protocol.
- provider
Id This property is required. String - ID of an identity provider. Changing this creates a new protocol.
- access
Config Property Map - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol StringV3Id - metadata Property Map
- Metadata file configuration.
Outputs
All input properties are implicitly available as output properties. Additionally, the IdentityProtocolV3 resource produces the following output properties:
Look up Existing IdentityProtocolV3 Resource
Get an existing IdentityProtocolV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IdentityProtocolV3State, opts?: CustomResourceOptions): IdentityProtocolV3@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_config: Optional[IdentityProtocolV3AccessConfigArgs] = None,
identity_protocol_v3_id: Optional[str] = None,
links: Optional[Mapping[str, str]] = None,
mapping_id: Optional[str] = None,
metadata: Optional[IdentityProtocolV3MetadataArgs] = None,
protocol: Optional[str] = None,
provider_id: Optional[str] = None) -> IdentityProtocolV3func GetIdentityProtocolV3(ctx *Context, name string, id IDInput, state *IdentityProtocolV3State, opts ...ResourceOption) (*IdentityProtocolV3, error)public static IdentityProtocolV3 Get(string name, Input<string> id, IdentityProtocolV3State? state, CustomResourceOptions? opts = null)public static IdentityProtocolV3 get(String name, Output<String> id, IdentityProtocolV3State state, CustomResourceOptions options)resources: _: type: opentelekomcloud:IdentityProtocolV3 get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Identity
Protocol stringV3Id - Links Dictionary<string, string>
- Resource links of an identity protocol, including
identity_providerandself. - Mapping
Id string - ID of an identity mapping.
- Metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- Protocol string
- ID of a protocol. Changing this creates a new protocol.
- Provider
Id string - ID of an identity provider. Changing this creates a new protocol.
- Access
Config IdentityProtocol V3Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- Identity
Protocol stringV3Id - Links map[string]string
- Resource links of an identity protocol, including
identity_providerandself. - Mapping
Id string - ID of an identity mapping.
- Metadata
Identity
Protocol V3Metadata Args - Metadata file configuration.
- Protocol string
- ID of a protocol. Changing this creates a new protocol.
- Provider
Id string - ID of an identity provider. Changing this creates a new protocol.
- access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol StringV3Id - links Map<String,String>
- Resource links of an identity protocol, including
identity_providerandself. - mapping
Id String - ID of an identity mapping.
- metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- protocol String
- ID of a protocol. Changing this creates a new protocol.
- provider
Id String - ID of an identity provider. Changing this creates a new protocol.
- access
Config IdentityProtocol V3Access Config - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol stringV3Id - links {[key: string]: string}
- Resource links of an identity protocol, including
identity_providerandself. - mapping
Id string - ID of an identity mapping.
- metadata
Identity
Protocol V3Metadata - Metadata file configuration.
- protocol string
- ID of a protocol. Changing this creates a new protocol.
- provider
Id string - ID of an identity provider. Changing this creates a new protocol.
- access_
config IdentityProtocol V3Access Config Args - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity_
protocol_ strv3_ id - links Mapping[str, str]
- Resource links of an identity protocol, including
identity_providerandself. - mapping_
id str - ID of an identity mapping.
- metadata
Identity
Protocol V3Metadata Args - Metadata file configuration.
- protocol str
- ID of a protocol. Changing this creates a new protocol.
- provider_
id str - ID of an identity provider. Changing this creates a new protocol.
- access
Config Property Map - Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
- identity
Protocol StringV3Id - links Map<String>
- Resource links of an identity protocol, including
identity_providerandself. - mapping
Id String - ID of an identity mapping.
- metadata Property Map
- Metadata file configuration.
- protocol String
- ID of a protocol. Changing this creates a new protocol.
- provider
Id String - ID of an identity provider. Changing this creates a new protocol.
Supporting Types
IdentityProtocolV3AccessConfig, IdentityProtocolV3AccessConfigArgs
, IdentityProtocolV3AccessConfigArgs
- Access
Type This property is required. string - Specifies the access type of the identity provider. Available options are:
- Client
Id This property is required. string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- Provider
Url This property is required. string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- Signing
Key This property is required. string - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- string
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - Response
Mode string - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - Response
Type string - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - Scopes List<string>
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- Access
Type This property is required. string - Specifies the access type of the identity provider. Available options are:
- Client
Id This property is required. string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- Provider
Url This property is required. string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- Signing
Key This property is required. string - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- string
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - Response
Mode string - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - Response
Type string - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - Scopes []string
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type This property is required. String - Specifies the access type of the identity provider. Available options are:
- client
Id This property is required. String - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url This property is required. String - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signing
Key This property is required. String - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- String
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - response
Mode String - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - response
Type String - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - scopes List<String>
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type This property is required. string - Specifies the access type of the identity provider. Available options are:
- client
Id This property is required. string - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url This property is required. string - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signing
Key This property is required. string - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- string
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - response
Mode string - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - response
Type string - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - scopes string[]
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access_
type This property is required. str - Specifies the access type of the identity provider. Available options are:
- client_
id This property is required. str - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider_
url This property is required. str - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signing_
key This property is required. str - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- str
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - response_
mode str - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - response_
type str - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - scopes Sequence[str]
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
- access
Type This property is required. String - Specifies the access type of the identity provider. Available options are:
- client
Id This property is required. String - Specifies the ID of a client registered with the OpenID Connect identity provider.
- provider
Url This property is required. String - Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
- signing
Key This property is required. String - Public key used to sign the ID token of the OpenID Connect identity provider. This field is required only if the protocol is set to oidc.
- String
- Specifies the authorization endpoint of the OpenID Connect identity
provider. This field is required only if the access type is set to
program_console. - response
Mode String - Response mode.
Valid values is form_post and fragment, default value is form_post.
This field is required only if the access type is set to
program_console. - response
Type String - Response type. Valid values is id_token, default value is id_token.
This field is required only if the access type is set to
program_console. - scopes List<String>
Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to
program_console.NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.
IdentityProtocolV3Metadata, IdentityProtocolV3MetadataArgs
, IdentityProtocolV3MetadataArgs
- Domain
Id This property is required. string - ID of the domain that a user belongs to.
- Metadata
This property is required. string - Content of the metadata file on the IdP server.
- Xaccount
Type string - Source of a domain. Blank by the default.
- Domain
Id This property is required. string - ID of the domain that a user belongs to.
- Metadata
This property is required. string - Content of the metadata file on the IdP server.
- Xaccount
Type string - Source of a domain. Blank by the default.
- domain
Id This property is required. String - ID of the domain that a user belongs to.
- metadata
This property is required. String - Content of the metadata file on the IdP server.
- xaccount
Type String - Source of a domain. Blank by the default.
- domain
Id This property is required. string - ID of the domain that a user belongs to.
- metadata
This property is required. string - Content of the metadata file on the IdP server.
- xaccount
Type string - Source of a domain. Blank by the default.
- domain_
id This property is required. str - ID of the domain that a user belongs to.
- metadata
This property is required. str - Content of the metadata file on the IdP server.
- xaccount_
type str - Source of a domain. Blank by the default.
- domain
Id This property is required. String - ID of the domain that a user belongs to.
- metadata
This property is required. String - Content of the metadata file on the IdP server.
- xaccount
Type String - Source of a domain. Blank by the default.
Import
Protocols can be imported using the provider_id/protocol, e.g.
$ pulumi import opentelekomcloud:index/identityProtocolV3:IdentityProtocolV3 protocol ACME/saml
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- opentelekomcloud opentelekomcloud/terraform-provider-opentelekomcloud
- License
- Notes
- This Pulumi package is based on the
opentelekomcloudTerraform Provider.
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud