opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud

opentelekomcloud.IdentityProtocolV3


An up-to-date reference of the API arguments for the IAM protocol is available in the documentation portal.

Manages an identity protocol resource, which provides the binding between an identity provider and identity mappings.

You must have security admin privileges in OpenTelekomCloud to use this resource. For details, refer to the User Management Model.

Example Usage

Basic SAML example

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";

const provider = new opentelekomcloud.IdentityProviderV3("provider", {
    enabled: true,
    description: "This is simple identity provider",
});

// The mapping rules are loaded from a local file whose contents are not shown here.
// NOTE(review): presumably these rules decide which local users/groups a federated
// identity is mapped to; review them for least privilege before deploying (confirm).
const mappingRules = fs.readFileSync("./rules.json", "utf8");
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
    rules: mappingRules,
    mappingId: "ACME",
});

// Bind the identity provider to the mapping over SAML.
// Changing `protocol` or `providerId` later creates a new protocol.
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
    mappingId: mapping.identityMappingV3Id,
    providerId: provider.identityProviderV3Id,
    protocol: "saml",
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud

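provider = opentelekomcloud.IdentityProviderV3("provider",
    description="This is simple identity provider",
    enabled=True)

# Read the mapping rules with a context manager so the file handle is closed
# deterministically, and decode explicitly as UTF-8 instead of relying on the
# platform default encoding.
# NOTE(review): rules.json is not shown here; presumably it decides which local
# users/groups a federated identity is mapped to -- review it for least
# privilege before deploying (confirm).
with open("./rules.json", encoding="utf-8") as rules_file:
    mapping_rules = rules_file.read()

mapping = opentelekomcloud.IdentityMappingV3("mapping",
    mapping_id="ACME",
    rules=mapping_rules)

# Bind the identity provider to the mapping over SAML.
# Changing `protocol` or `provider_id` later creates a new protocol.
saml = opentelekomcloud.IdentityProtocolV3("saml",
    protocol="saml",
    provider_id=provider.identity_provider_v3_id,
    mapping_id=mapping.identity_mapping_v3_id)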
package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// readFileOrPanic loads the file at path and returns its contents as a Pulumi
// string input. Any read error aborts the program via panic.
func readFileOrPanic(path string) pulumi.StringPtrInput {
	contents, readErr := os.ReadFile(path)
	if readErr == nil {
		return pulumi.String(string(contents))
	}
	panic(readErr.Error())
}

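// main registers an identity provider, an identity mapping and the SAML
// protocol that binds the two.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
			Description: pulumi.String("This is simple identity provider"),
			Enabled:     pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Read the rules here and hand any error back to Pulumi instead of
		// panicking. This also avoids pulumi.String(readFileOrPanic(...)):
		// the helper returns the interface pulumi.StringPtrInput, which Go
		// cannot convert to pulumi.String.
		// NOTE(review): rules.json is not shown here; presumably it decides
		// which local users/groups a federated identity is mapped to --
		// review it for least privilege before deploying (confirm).
		rules, err := os.ReadFile("./rules.json")
		if err != nil {
			return err
		}
		mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
			MappingId: pulumi.String("ACME"),
			Rules:     pulumi.String(string(rules)),
		})
		if err != nil {
			return err
		}
		// Bind the identity provider to the mapping over SAML. Changing
		// Protocol or ProviderId later creates a new protocol.
		_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
			Protocol:   pulumi.String("saml"),
			ProviderId: provider.IdentityProviderV3Id,
			MappingId:  mapping.IdentityMappingV3Id,
		})
		if err != nil {
			return err
		}
		return nil
	})
}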
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;

return await Deployment.RunAsync(() =>
{
    var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
    {
        Enabled = true,
        Description = "This is simple identity provider",
    });

    // The mapping rules are loaded from a local file whose contents are not shown here.
    // NOTE(review): presumably these rules decide which local users/groups a federated
    // identity is mapped to; review them for least privilege before deploying (confirm).
    var mappingRules = File.ReadAllText("./rules.json");
    var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
    {
        Rules = mappingRules,
        MappingId = "ACME",
    });

    // Bind the identity provider to the mapping over SAML.
    // Changing Protocol or ProviderId later creates a new protocol.
    var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
    {
        MappingId = mapping.IdentityMappingV3Id,
        ProviderId = provider.IdentityProviderV3Id,
        Protocol = "saml",
    });
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

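/**
 * Registers an identity provider, an identity mapping and the SAML protocol
 * that binds the two.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Reads a file as text.
     *
     * Files.readString throws the checked IOException, which stack does not
     * declare, so it is rethrown here as an unchecked exception.
     *
     * @param path location of the file to read
     * @return the file contents
     */
    private static String readFile(String path) {
        try {
            return Files.readString(Paths.get(path));
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException(e);
        }
    }

    public static void stack(Context ctx) {
        var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
            .description("This is simple identity provider")
            .enabled(true)
            .build());

        // NOTE(review): rules.json is not shown here; presumably it decides which
        // local users/groups a federated identity is mapped to -- review it for
        // least privilege before deploying (confirm).
        var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
            .mappingId("ACME")
            .rules(readFile("./rules.json"))
            .build());

        // Bind the identity provider to the mapping over SAML.
        // Changing protocol or providerId later creates a new protocol.
        var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
            .protocol("saml")
            .providerId(provider.identityProviderV3Id())
            .mappingId(mapping.identityMappingV3Id())
            .build());

    }
}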
resources:
  provider:
    type: opentelekomcloud:IdentityProviderV3
    properties:
      description: This is simple identity provider
      enabled: true
  mapping:
    type: opentelekomcloud:IdentityMappingV3
    properties:
      mappingId: ACME
      # The mapping rules are loaded from a local file whose contents are not shown here.
      # NOTE(review): presumably these rules decide which local users/groups a federated
      # identity is mapped to; review them for least privilege before deploying (confirm).
      rules:
        fn::readFile: ./rules.json
  # Binds the identity provider to the mapping over SAML.
  # Changing protocol or providerId later creates a new protocol.
  saml:
    type: opentelekomcloud:IdentityProtocolV3
    properties:
      protocol: saml
      providerId: ${provider.identityProviderV3Id}
      mappingId: ${mapping.identityMappingV3Id}

Basic OIDC example

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";

const provider = new opentelekomcloud.IdentityProviderV3("provider", {
    enabled: true,
    description: "This is simple identity provider",
});

// The mapping rules are loaded from a local file whose contents are not shown here.
// NOTE(review): presumably these rules decide which local users/groups a federated
// identity is mapped to; review them for least privilege before deploying (confirm).
const mappingRules = fs.readFileSync("./rules.json", "utf8");
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
    rules: mappingRules,
    mappingId: "ACME",
});

// JWKS describing the identity provider's RSA signing key (public components
// only: modulus `n` and exponent `e`). `kid` and `n` are elided as "..." in this
// example and must be replaced with the real values.
// NOTE(review): presumably this key is what ID-token signatures are verified
// against, so it has to be updated when the IdP rotates its keys (confirm).
const idpSigningKeys = {
    keys: [{
        alg: "RS256",
        e: "AQAB",
        kid: "...",
        kty: "RSA",
        n: "...",
        use: "sig",
    }],
};

// Bind the identity provider to the mapping over OIDC. Note that the logical
// resource name is "saml" although the protocol is "oidc".
// `accessConfig` is required only when the protocol is oidc.
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
    mappingId: mapping.identityMappingV3Id,
    providerId: provider.identityProviderV3Id,
    protocol: "oidc",
    accessConfig: {
        // NOTE(review): provider-defined value; confirm it grants no more access than intended.
        accessType: "program_console",
        clientId: "your_client_id",
        providerUrl: "https://accounts.example.com",
        authorizationEndpoint: "https://accounts.example.com/o/oauth2/v2/auth",
        scopes: ["openid"],
        // The ID token is requested directly and returned in the URL fragment.
        responseType: "id_token",
        responseMode: "fragment",
        signingKey: JSON.stringify(idpSigningKeys),
    },
});
import pulumi
import json
import pulumi_opentelekomcloud as opentelekomcloud

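provider = opentelekomcloud.IdentityProviderV3("provider",
    description="This is simple identity provider",
    enabled=True)

# Read the mapping rules with a context manager so the file handle is closed
# deterministically, and decode explicitly as UTF-8 instead of relying on the
# platform default encoding.
# NOTE(review): rules.json is not shown here; presumably it decides which local
# users/groups a federated identity is mapped to -- review it for least
# privilege before deploying (confirm).
with open("./rules.json", encoding="utf-8") as rules_file:
    mapping_rules = rules_file.read()

mapping = opentelekomcloud.IdentityMappingV3("mapping",
    mapping_id="ACME",
    rules=mapping_rules)

# JWKS describing the identity provider's RSA signing key (public components
# only: modulus "n" and exponent "e"). "kid" and "n" are elided as "..." in
# this example and must be replaced with the real values.
# NOTE(review): presumably this key is what ID-token signatures are verified
# against, so it has to be updated when the IdP rotates its keys (confirm).
idp_signing_keys = json.dumps({
    "keys": [{
        "alg": "RS256",
        "e": "AQAB",
        "kid": "...",
        "kty": "RSA",
        "n": "...",
        "use": "sig",
    }],
})

# Bind the identity provider to the mapping over OIDC. Note that the logical
# resource name is "saml" although the protocol is "oidc".
# access_config is required only when the protocol is oidc.
saml = opentelekomcloud.IdentityProtocolV3("saml",
    protocol="oidc",
    provider_id=provider.identity_provider_v3_id,
    mapping_id=mapping.identity_mapping_v3_id,
    access_config={
        # NOTE(review): provider-defined value; confirm it grants no more access than intended.
        "access_type": "program_console",
        "provider_url": "https://accounts.example.com",
        "client_id": "your_client_id",
        "authorization_endpoint": "https://accounts.example.com/o/oauth2/v2/auth",
        "scopes": ["openid"],
        # The ID token is requested directly and returned in the URL fragment.
        "response_type": "id_token",
        "response_mode": "fragment",
        "signing_key": idp_signing_keys,
    })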
package main

import (
	"encoding/json"
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// readFileOrPanic loads the file at path and returns its contents as a Pulumi
// string input. Any read error aborts the program via panic.
func readFileOrPanic(path string) pulumi.StringPtrInput {
	contents, readErr := os.ReadFile(path)
	if readErr == nil {
		return pulumi.String(string(contents))
	}
	panic(readErr.Error())
}

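// main registers an identity provider, an identity mapping and the OIDC
// protocol that binds the two.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
			Description: pulumi.String("This is simple identity provider"),
			Enabled:     pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Read the rules here and hand any error back to Pulumi instead of
		// panicking. This also avoids pulumi.String(readFileOrPanic(...)):
		// the helper returns the interface pulumi.StringPtrInput, which Go
		// cannot convert to pulumi.String.
		// NOTE(review): rules.json is not shown here; presumably it decides
		// which local users/groups a federated identity is mapped to --
		// review it for least privilege before deploying (confirm).
		rules, err := os.ReadFile("./rules.json")
		if err != nil {
			return err
		}
		mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
			MappingId: pulumi.String("ACME"),
			Rules:     pulumi.String(string(rules)),
		})
		if err != nil {
			return err
		}
		// JWKS describing the identity provider's RSA signing key (public
		// components only: modulus "n" and exponent "e"). "kid" and "n" are
		// elided as "..." in this example and must be replaced with the real
		// values.
		// NOTE(review): presumably this key is what ID-token signatures are
		// verified against, so it has to be updated when the IdP rotates its
		// keys (confirm).
		jwks, err := json.Marshal(map[string]interface{}{
			"keys": []map[string]interface{}{
				{
					"alg": "RS256",
					"e":   "AQAB",
					"kid": "...",
					"kty": "RSA",
					"n":   "...",
					"use": "sig",
				},
			},
		})
		if err != nil {
			return err
		}
		// Bind the identity provider to the mapping over OIDC. Note that the
		// logical resource name is "saml" although the protocol is "oidc".
		// AccessConfig is required only when the protocol is oidc.
		_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
			Protocol:   pulumi.String("oidc"),
			ProviderId: provider.IdentityProviderV3Id,
			MappingId:  mapping.IdentityMappingV3Id,
			AccessConfig: &opentelekomcloud.IdentityProtocolV3AccessConfigArgs{
				// NOTE(review): provider-defined value; confirm it grants no
				// more access than intended.
				AccessType:            pulumi.String("program_console"),
				ProviderUrl:           pulumi.String("https://accounts.example.com"),
				ClientId:              pulumi.String("your_client_id"),
				AuthorizationEndpoint: pulumi.String("https://accounts.example.com/o/oauth2/v2/auth"),
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
				},
				// The ID token is requested directly and returned in the URL
				// fragment.
				ResponseType: pulumi.String("id_token"),
				ResponseMode: pulumi.String("fragment"),
				SigningKey:   pulumi.String(string(jwks)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}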
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;

return await Deployment.RunAsync(() =>
{
    var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
    {
        Enabled = true,
        Description = "This is simple identity provider",
    });

    // The mapping rules are loaded from a local file whose contents are not shown here.
    // NOTE(review): presumably these rules decide which local users/groups a federated
    // identity is mapped to; review them for least privilege before deploying (confirm).
    var mappingRules = File.ReadAllText("./rules.json");
    var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
    {
        Rules = mappingRules,
        MappingId = "ACME",
    });

    // JWKS describing the identity provider's RSA signing key (public components
    // only: modulus "n" and exponent "e"). "kid" and "n" are elided as "..." in this
    // example and must be replaced with the real values.
    // NOTE(review): presumably this key is what ID-token signatures are verified
    // against, so it has to be updated when the IdP rotates its keys (confirm).
    var idpSigningKey = new Dictionary<string, object?>
    {
        ["alg"] = "RS256",
        ["e"] = "AQAB",
        ["kid"] = "...",
        ["kty"] = "RSA",
        ["n"] = "...",
        ["use"] = "sig",
    };
    var signingKeyJson = JsonSerializer.Serialize(new Dictionary<string, object?>
    {
        ["keys"] = new[]
        {
            idpSigningKey,
        },
    });

    // Bind the identity provider to the mapping over OIDC. Note that the logical
    // resource name is "saml" although the protocol is "oidc".
    // AccessConfig is required only when the protocol is oidc.
    var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
    {
        MappingId = mapping.IdentityMappingV3Id,
        ProviderId = provider.IdentityProviderV3Id,
        Protocol = "oidc",
        AccessConfig = new Opentelekomcloud.Inputs.IdentityProtocolV3AccessConfigArgs
        {
            // NOTE(review): provider-defined value; confirm it grants no more access than intended.
            AccessType = "program_console",
            ClientId = "your_client_id",
            ProviderUrl = "https://accounts.example.com",
            AuthorizationEndpoint = "https://accounts.example.com/o/oauth2/v2/auth",
            Scopes = new[]
            {
                "openid",
            },
            // The ID token is requested directly and returned in the URL fragment.
            ResponseType = "id_token",
            ResponseMode = "fragment",
            SigningKey = signingKeyJson,
        },
    });
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import com.pulumi.opentelekomcloud.inputs.IdentityProtocolV3AccessConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

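/**
 * Registers an identity provider, an identity mapping and the OIDC protocol
 * that binds the two.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Reads a file as text.
     *
     * Files.readString throws the checked IOException, which stack does not
     * declare, so it is rethrown here as an unchecked exception.
     *
     * @param path location of the file to read
     * @return the file contents
     */
    private static String readFile(String path) {
        try {
            return Files.readString(Paths.get(path));
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException(e);
        }
    }

    public static void stack(Context ctx) {
        var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
            .description("This is simple identity provider")
            .enabled(true)
            .build());

        // NOTE(review): rules.json is not shown here; presumably it decides which
        // local users/groups a federated identity is mapped to -- review it for
        // least privilege before deploying (confirm).
        var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
            .mappingId("ACME")
            .rules(readFile("./rules.json"))
            .build());

        // Bind the identity provider to the mapping over OIDC. Note that the
        // logical resource name is "saml" although the protocol is "oidc".
        // accessConfig is required only when the protocol is oidc.
        var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
            .protocol("oidc")
            .providerId(provider.identityProviderV3Id())
            .mappingId(mapping.identityMappingV3Id())
            .accessConfig(IdentityProtocolV3AccessConfigArgs.builder()
                // NOTE(review): provider-defined value; confirm it grants no more access than intended.
                .accessType("program_console")
                .providerUrl("https://accounts.example.com")
                .clientId("your_client_id")
                .authorizationEndpoint("https://accounts.example.com/o/oauth2/v2/auth")
                .scopes("openid")
                // The ID token is requested directly and returned in the URL fragment.
                .responseType("id_token")
                .responseMode("fragment")
                // JWKS describing the identity provider's RSA signing key (public
                // components only: modulus "n" and exponent "e"). "kid" and "n" are
                // elided as "..." and must be replaced with the real values.
                // NOTE(review): presumably this key is what ID-token signatures are
                // verified against, so update it when the IdP rotates keys (confirm).
                .signingKey(serializeJson(
                    jsonObject(
                        jsonProperty("keys", jsonArray(jsonObject(
                            jsonProperty("alg", "RS256"),
                            jsonProperty("e", "AQAB"),
                            jsonProperty("kid", "..."),
                            jsonProperty("kty", "RSA"),
                            jsonProperty("n", "..."),
                            jsonProperty("use", "sig")
                        )))
                    )))
                .build())
            .build());

    }
}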
resources:
  provider:
    type: opentelekomcloud:IdentityProviderV3
    properties:
      description: This is simple identity provider
      enabled: true
  mapping:
    type: opentelekomcloud:IdentityMappingV3
    properties:
      mappingId: ACME
      # The mapping rules are loaded from a local file whose contents are not shown here.
      # NOTE(review): presumably these rules decide which local users/groups a federated
      # identity is mapped to; review them for least privilege before deploying (confirm).
      rules:
        fn::readFile: ./rules.json
  # Binds the identity provider to the mapping over OIDC. Note that the logical
  # resource name is "saml" although the protocol is "oidc".
  saml:
    type: opentelekomcloud:IdentityProtocolV3
    properties:
      protocol: oidc
      providerId: ${provider.identityProviderV3Id}
      mappingId: ${mapping.identityMappingV3Id}
      # accessConfig is required only when the protocol is oidc.
      accessConfig:
        # NOTE(review): provider-defined value; confirm it grants no more access than intended.
        accessType: program_console
        providerUrl: https://accounts.example.com
        clientId: your_client_id
        authorizationEndpoint: https://accounts.example.com/o/oauth2/v2/auth
        scopes:
          - openid
        # The ID token is requested directly and returned in the URL fragment.
        responseType: id_token
        responseMode: fragment
        # JWKS describing the identity provider's RSA signing key (public components
        # only: modulus "n" and exponent "e"). "kid" and "n" are elided as '...' and
        # must be replaced with the real values.
        # NOTE(review): presumably this key is what ID-token signatures are verified
        # against, so update it when the IdP rotates keys (confirm).
        signingKey:
          fn::toJSON:
            keys:
              - alg: RS256
                e: AQAB
                kid: '...'
                kty: RSA
                n: '...'
                use: sig

Import SAML metadata file

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";

const provider = new opentelekomcloud.IdentityProviderV3("provider", {
    enabled: true,
    description: "This is simple identity provider",
});

// The mapping rules are loaded from a local file whose contents are not shown here.
// NOTE(review): presumably these rules decide which local users/groups a federated
// identity is mapped to; review them for least privilege before deploying (confirm).
const mappingRules = fs.readFileSync("./rules.json", "utf8");
const mapping = new opentelekomcloud.IdentityMappingV3("mapping", {
    rules: mappingRules,
    mappingId: "ACME",
});

// Bind the identity provider to the mapping over SAML and upload the IdP's
// SAML metadata document in the same step.
// NOTE(review): `_var` is not defined anywhere in this listing; supply the
// domain ID yourself. The metadata file is not shown either -- presumably it
// carries the IdP's endpoints and signing certificate, so take it from a
// source you trust (confirm).
const saml = new opentelekomcloud.IdentityProtocolV3("saml", {
    mappingId: mapping.identityMappingV3Id,
    providerId: provider.identityProviderV3Id,
    protocol: "saml",
    metadata: {
        domainId: _var.domain_id,
        metadata: fs.readFileSync("saml-metadata.xml", "utf8"),
    },
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud

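provider = opentelekomcloud.IdentityProviderV3("provider",
    description="This is simple identity provider",
    enabled=True)

# Read both input files with context managers so the handles are closed
# deterministically, and decode explicitly as UTF-8 instead of relying on the
# platform default encoding.
# NOTE(review): rules.json is not shown here; presumably it decides which local
# users/groups a federated identity is mapped to -- review it for least
# privilege before deploying (confirm).
with open("./rules.json", encoding="utf-8") as rules_file:
    mapping_rules = rules_file.read()

mapping = opentelekomcloud.IdentityMappingV3("mapping",
    mapping_id="ACME",
    rules=mapping_rules)

# NOTE(review): saml-metadata.xml is not shown here; presumably it carries the
# IdP's endpoints and signing certificate, so take it from a source you trust
# (confirm).
with open("saml-metadata.xml", encoding="utf-8") as metadata_file:
    saml_metadata = metadata_file.read()

# Bind the identity provider to the mapping over SAML and upload the IdP's
# SAML metadata document in the same step.
# NOTE(review): `var` is not defined anywhere in this listing; supply the
# domain ID yourself.
saml = opentelekomcloud.IdentityProtocolV3("saml",
    protocol="saml",
    provider_id=provider.identity_provider_v3_id,
    mapping_id=mapping.identity_mapping_v3_id,
    metadata={
        "domain_id": var["domain_id"],
        "metadata": saml_metadata,
    })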
package main

import (
	"os"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// readFileOrPanic loads the file at path and returns its contents as a Pulumi
// string input. Any read error aborts the program via panic.
func readFileOrPanic(path string) pulumi.StringPtrInput {
	contents, readErr := os.ReadFile(path)
	if readErr == nil {
		return pulumi.String(string(contents))
	}
	panic(readErr.Error())
}

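// main registers an identity provider, an identity mapping and the SAML
// protocol that binds the two, uploading the IdP's SAML metadata with it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		provider, err := opentelekomcloud.NewIdentityProviderV3(ctx, "provider", &opentelekomcloud.IdentityProviderV3Args{
			Description: pulumi.String("This is simple identity provider"),
			Enabled:     pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Read the input files here and hand any error back to Pulumi instead
		// of panicking. This also avoids pulumi.String(readFileOrPanic(...)):
		// the helper returns the interface pulumi.StringPtrInput, which Go
		// cannot convert to pulumi.String.
		// NOTE(review): rules.json is not shown here; presumably it decides
		// which local users/groups a federated identity is mapped to --
		// review it for least privilege before deploying (confirm).
		rules, err := os.ReadFile("./rules.json")
		if err != nil {
			return err
		}
		mapping, err := opentelekomcloud.NewIdentityMappingV3(ctx, "mapping", &opentelekomcloud.IdentityMappingV3Args{
			MappingId: pulumi.String("ACME"),
			Rules:     pulumi.String(string(rules)),
		})
		if err != nil {
			return err
		}
		// NOTE(review): saml-metadata.xml is not shown here; presumably it
		// carries the IdP's endpoints and signing certificate, so take it
		// from a source you trust (confirm).
		samlMetadata, err := os.ReadFile("saml-metadata.xml")
		if err != nil {
			return err
		}
		// NOTE(review): _var is not defined anywhere in this listing; supply
		// the domain ID yourself.
		_, err = opentelekomcloud.NewIdentityProtocolV3(ctx, "saml", &opentelekomcloud.IdentityProtocolV3Args{
			Protocol:   pulumi.String("saml"),
			ProviderId: provider.IdentityProviderV3Id,
			MappingId:  mapping.IdentityMappingV3Id,
			Metadata: &opentelekomcloud.IdentityProtocolV3MetadataArgs{
				DomainId: pulumi.Any(_var.Domain_id),
				Metadata: pulumi.String(string(samlMetadata)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}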
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;

return await Deployment.RunAsync(() =>
{
    var provider = new Opentelekomcloud.IdentityProviderV3("provider", new()
    {
        Enabled = true,
        Description = "This is simple identity provider",
    });

    // The mapping rules are loaded from a local file whose contents are not shown here.
    // NOTE(review): presumably these rules decide which local users/groups a federated
    // identity is mapped to; review them for least privilege before deploying (confirm).
    var mappingRules = File.ReadAllText("./rules.json");
    var mapping = new Opentelekomcloud.IdentityMappingV3("mapping", new()
    {
        Rules = mappingRules,
        MappingId = "ACME",
    });

    // Bind the identity provider to the mapping over SAML and upload the IdP's
    // SAML metadata document in the same step.
    // NOTE(review): @var is not defined anywhere in this listing; supply the
    // domain ID yourself. The metadata file is not shown either -- presumably it
    // carries the IdP's endpoints and signing certificate, so take it from a
    // source you trust (confirm).
    var saml = new Opentelekomcloud.IdentityProtocolV3("saml", new()
    {
        MappingId = mapping.IdentityMappingV3Id,
        ProviderId = provider.IdentityProviderV3Id,
        Protocol = "saml",
        Metadata = new Opentelekomcloud.Inputs.IdentityProtocolV3MetadataArgs
        {
            DomainId = @var.Domain_id,
            Metadata = File.ReadAllText("saml-metadata.xml"),
        },
    });
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityProviderV3;
import com.pulumi.opentelekomcloud.IdentityProviderV3Args;
import com.pulumi.opentelekomcloud.IdentityMappingV3;
import com.pulumi.opentelekomcloud.IdentityMappingV3Args;
import com.pulumi.opentelekomcloud.IdentityProtocolV3;
import com.pulumi.opentelekomcloud.IdentityProtocolV3Args;
import com.pulumi.opentelekomcloud.inputs.IdentityProtocolV3MetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

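/**
 * Registers an identity provider, an identity mapping and the SAML protocol
 * that binds the two, uploading the IdP's SAML metadata with it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Reads a file as text.
     *
     * Files.readString throws the checked IOException, which stack does not
     * declare, so it is rethrown here as an unchecked exception.
     *
     * @param path location of the file to read
     * @return the file contents
     */
    private static String readFile(String path) {
        try {
            return Files.readString(Paths.get(path));
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException(e);
        }
    }

    public static void stack(Context ctx) {
        var provider = new IdentityProviderV3("provider", IdentityProviderV3Args.builder()
            .description("This is simple identity provider")
            .enabled(true)
            .build());

        // NOTE(review): rules.json is not shown here; presumably it decides which
        // local users/groups a federated identity is mapped to -- review it for
        // least privilege before deploying (confirm).
        var mapping = new IdentityMappingV3("mapping", IdentityMappingV3Args.builder()
            .mappingId("ACME")
            .rules(readFile("./rules.json"))
            .build());

        // NOTE(review): var_ is not defined anywhere in this listing; supply the
        // domain ID yourself. saml-metadata.xml is not shown either -- presumably
        // it carries the IdP's endpoints and signing certificate, so take it from
        // a source you trust (confirm).
        var saml = new IdentityProtocolV3("saml", IdentityProtocolV3Args.builder()
            .protocol("saml")
            .providerId(provider.identityProviderV3Id())
            .mappingId(mapping.identityMappingV3Id())
            .metadata(IdentityProtocolV3MetadataArgs.builder()
                .domainId(var_.domain_id())
                .metadata(readFile("saml-metadata.xml"))
                .build())
            .build());

    }
}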
resources:
  provider:
    type: opentelekomcloud:IdentityProviderV3
    properties:
      description: This is simple identity provider
      enabled: true
  mapping:
    type: opentelekomcloud:IdentityMappingV3
    properties:
      mappingId: ACME
      # The mapping rules are loaded from a local file whose contents are not shown here.
      # NOTE(review): presumably these rules decide which local users/groups a federated
      # identity is mapped to; review them for least privilege before deploying (confirm).
      rules:
        fn::readFile: ./rules.json
  # Binds the identity provider to the mapping over SAML and uploads the IdP's
  # SAML metadata document in the same step.
  saml:
    type: opentelekomcloud:IdentityProtocolV3
    properties:
      protocol: saml
      providerId: ${provider.identityProviderV3Id}
      mappingId: ${mapping.identityMappingV3Id}
      metadata:
        # NOTE(review): no `var` is declared in this listing; supply the domain ID yourself.
        domainId: ${var.domain_id}
        # NOTE(review): the metadata file is not shown; presumably it carries the IdP's
        # endpoints and signing certificate, so take it from a source you trust (confirm).
        metadata:
          fn::readFile: saml-metadata.xml

Create IdentityProtocolV3 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IdentityProtocolV3(name: string, args: IdentityProtocolV3Args, opts?: CustomResourceOptions);
@overload
def IdentityProtocolV3(resource_name: str,
                       args: IdentityProtocolV3Args,
                       opts: Optional[ResourceOptions] = None)

@overload
def IdentityProtocolV3(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       mapping_id: Optional[str] = None,
                       protocol: Optional[str] = None,
                       provider_id: Optional[str] = None,
                       access_config: Optional[IdentityProtocolV3AccessConfigArgs] = None,
                       identity_protocol_v3_id: Optional[str] = None,
                       metadata: Optional[IdentityProtocolV3MetadataArgs] = None)
func NewIdentityProtocolV3(ctx *Context, name string, args IdentityProtocolV3Args, opts ...ResourceOption) (*IdentityProtocolV3, error)
public IdentityProtocolV3(string name, IdentityProtocolV3Args args, CustomResourceOptions? opts = null)
public IdentityProtocolV3(String name, IdentityProtocolV3Args args)
public IdentityProtocolV3(String name, IdentityProtocolV3Args args, CustomResourceOptions options)
type: opentelekomcloud:IdentityProtocolV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IdentityProtocolV3Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IdentityProtocolV3Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IdentityProtocolV3Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IdentityProtocolV3Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IdentityProtocolV3Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var identityProtocolV3Resource = new Opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource", new()
{
    MappingId = "string",
    Protocol = "string",
    ProviderId = "string",
    AccessConfig = new Opentelekomcloud.Inputs.IdentityProtocolV3AccessConfigArgs
    {
        AccessType = "string",
        ClientId = "string",
        ProviderUrl = "string",
        SigningKey = "string",
        AuthorizationEndpoint = "string",
        ResponseMode = "string",
        ResponseType = "string",
        Scopes = new[]
        {
            "string",
        },
    },
    IdentityProtocolV3Id = "string",
    Metadata = new Opentelekomcloud.Inputs.IdentityProtocolV3MetadataArgs
    {
        DomainId = "string",
        Metadata = "string",
        XaccountType = "string",
    },
});
example, err := opentelekomcloud.NewIdentityProtocolV3(ctx, "identityProtocolV3Resource", &opentelekomcloud.IdentityProtocolV3Args{
	MappingId:  pulumi.String("string"),
	Protocol:   pulumi.String("string"),
	ProviderId: pulumi.String("string"),
	AccessConfig: &opentelekomcloud.IdentityProtocolV3AccessConfigArgs{
		AccessType:            pulumi.String("string"),
		ClientId:              pulumi.String("string"),
		ProviderUrl:           pulumi.String("string"),
		SigningKey:            pulumi.String("string"),
		AuthorizationEndpoint: pulumi.String("string"),
		ResponseMode:          pulumi.String("string"),
		ResponseType:          pulumi.String("string"),
		Scopes: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	IdentityProtocolV3Id: pulumi.String("string"),
	Metadata: &opentelekomcloud.IdentityProtocolV3MetadataArgs{
		DomainId:     pulumi.String("string"),
		Metadata:     pulumi.String("string"),
		XaccountType: pulumi.String("string"),
	},
})
var identityProtocolV3Resource = new IdentityProtocolV3("identityProtocolV3Resource", IdentityProtocolV3Args.builder()
    .mappingId("string")
    .protocol("string")
    .providerId("string")
    .accessConfig(IdentityProtocolV3AccessConfigArgs.builder()
        .accessType("string")
        .clientId("string")
        .providerUrl("string")
        .signingKey("string")
        .authorizationEndpoint("string")
        .responseMode("string")
        .responseType("string")
        .scopes("string")
        .build())
    .identityProtocolV3Id("string")
    .metadata(IdentityProtocolV3MetadataArgs.builder()
        .domainId("string")
        .metadata("string")
        .xaccountType("string")
        .build())
    .build());
identity_protocol_v3_resource = opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource",
    mapping_id="string",
    protocol="string",
    provider_id="string",
    access_config={
        "access_type": "string",
        "client_id": "string",
        "provider_url": "string",
        "signing_key": "string",
        "authorization_endpoint": "string",
        "response_mode": "string",
        "response_type": "string",
        "scopes": ["string"],
    },
    identity_protocol_v3_id="string",
    metadata={
        "domain_id": "string",
        "metadata": "string",
        "xaccount_type": "string",
    })
const identityProtocolV3Resource = new opentelekomcloud.IdentityProtocolV3("identityProtocolV3Resource", {
    mappingId: "string",
    protocol: "string",
    providerId: "string",
    accessConfig: {
        accessType: "string",
        clientId: "string",
        providerUrl: "string",
        signingKey: "string",
        authorizationEndpoint: "string",
        responseMode: "string",
        responseType: "string",
        scopes: ["string"],
    },
    identityProtocolV3Id: "string",
    metadata: {
        domainId: "string",
        metadata: "string",
        xaccountType: "string",
    },
});
type: opentelekomcloud:IdentityProtocolV3
properties:
    accessConfig:
        accessType: string
        authorizationEndpoint: string
        clientId: string
        providerUrl: string
        responseMode: string
        responseType: string
        scopes:
            - string
        signingKey: string
    identityProtocolV3Id: string
    mappingId: string
    metadata:
        domainId: string
        metadata: string
        xaccountType: string
    protocol: string
    providerId: string

IdentityProtocolV3 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IdentityProtocolV3 resource accepts the following input properties:

MappingId This property is required. string
ID of an identity mapping.
Protocol This property is required. string
ID of a protocol. Changing this creates a new protocol.
ProviderId This property is required. string
ID of an identity provider. Changing this creates a new protocol.
AccessConfig IdentityProtocolV3AccessConfig
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
IdentityProtocolV3Id string
Metadata IdentityProtocolV3Metadata
Metadata file configuration.
MappingId This property is required. string
ID of an identity mapping.
Protocol This property is required. string
ID of a protocol. Changing this creates a new protocol.
ProviderId This property is required. string
ID of an identity provider. Changing this creates a new protocol.
AccessConfig IdentityProtocolV3AccessConfigArgs
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
IdentityProtocolV3Id string
Metadata IdentityProtocolV3MetadataArgs
Metadata file configuration.
mappingId This property is required. String
ID of an identity mapping.
protocol This property is required. String
ID of a protocol. Changing this creates a new protocol.
providerId This property is required. String
ID of an identity provider. Changing this creates a new protocol.
accessConfig IdentityProtocolV3AccessConfig
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
identityProtocolV3Id String
metadata IdentityProtocolV3Metadata
Metadata file configuration.
mappingId This property is required. string
ID of an identity mapping.
protocol This property is required. string
ID of a protocol. Changing this creates a new protocol.
providerId This property is required. string
ID of an identity provider. Changing this creates a new protocol.
accessConfig IdentityProtocolV3AccessConfig
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
identityProtocolV3Id string
metadata IdentityProtocolV3Metadata
Metadata file configuration.
mapping_id This property is required. str
ID of an identity mapping.
protocol This property is required. str
ID of a protocol. Changing this creates a new protocol.
provider_id This property is required. str
ID of an identity provider. Changing this creates a new protocol.
access_config IdentityProtocolV3AccessConfigArgs
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
identity_protocol_v3_id str
metadata IdentityProtocolV3MetadataArgs
Metadata file configuration.
mappingId This property is required. String
ID of an identity mapping.
protocol This property is required. String
ID of a protocol. Changing this creates a new protocol.
providerId This property is required. String
ID of an identity provider. Changing this creates a new protocol.
accessConfig Property Map
Specifies the description of the identity provider. This field is required only if the protocol is set to oidc.
identityProtocolV3Id String
metadata Property Map
Metadata file configuration.

Outputs

All input properties are implicitly available as output properties. Additionally, the IdentityProtocolV3 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Links Dictionary<string, string>
Resource links of an identity protocol, including identity_provider and self.
Id string
The provider-assigned unique ID for this managed resource.
Links map[string]string
Resource links of an identity protocol, including identity_provider and self.
id String
The provider-assigned unique ID for this managed resource.
links Map<String,String>
Resource links of an identity protocol, including identity_provider and self.
id string
The provider-assigned unique ID for this managed resource.
links {[key: string]: string}
Resource links of an identity protocol, including identity_provider and self.
id str
The provider-assigned unique ID for this managed resource.
links Mapping[str, str]
Resource links of an identity protocol, including identity_provider and self.
id String
The provider-assigned unique ID for this managed resource.
links Map<String>
Resource links of an identity protocol, including identity_provider and self.

Look up Existing IdentityProtocolV3 Resource

Get an existing IdentityProtocolV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IdentityProtocolV3State, opts?: CustomResourceOptions): IdentityProtocolV3
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_config: Optional[IdentityProtocolV3AccessConfigArgs] = None,
        identity_protocol_v3_id: Optional[str] = None,
        links: Optional[Mapping[str, str]] = None,
        mapping_id: Optional[str] = None,
        metadata: Optional[IdentityProtocolV3MetadataArgs] = None,
        protocol: Optional[str] = None,
        provider_id: Optional[str] = None) -> IdentityProtocolV3
func GetIdentityProtocolV3(ctx *Context, name string, id IDInput, state *IdentityProtocolV3State, opts ...ResourceOption) (*IdentityProtocolV3, error)
public static IdentityProtocolV3 Get(string name, Input<string> id, IdentityProtocolV3State? state, CustomResourceOptions? opts = null)
public static IdentityProtocolV3 get(String name, Output<String> id, IdentityProtocolV3State state, CustomResourceOptions options)
resources:
  _:
    type: opentelekomcloud:IdentityProtocolV3
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccessConfig IdentityProtocolV3AccessConfig
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
IdentityProtocolV3Id string
Links Dictionary<string, string>
Resource links of an identity protocol, including identity_provider and self.
MappingId string
ID of an identity mapping.
Metadata IdentityProtocolV3Metadata
Metadata file configuration.
Protocol string
ID of a protocol. Changing this creates a new protocol.
ProviderId string
ID of an identity provider. Changing this creates a new protocol.
AccessConfig IdentityProtocolV3AccessConfigArgs
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
IdentityProtocolV3Id string
Links map[string]string
Resource links of an identity protocol, including identity_provider and self.
MappingId string
ID of an identity mapping.
Metadata IdentityProtocolV3MetadataArgs
Metadata file configuration.
Protocol string
ID of a protocol. Changing this creates a new protocol.
ProviderId string
ID of an identity provider. Changing this creates a new protocol.
accessConfig IdentityProtocolV3AccessConfig
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
identityProtocolV3Id String
links Map<String,String>
Resource links of an identity protocol, including identity_provider and self.
mappingId String
ID of an identity mapping.
metadata IdentityProtocolV3Metadata
Metadata file configuration.
protocol String
ID of a protocol. Changing this creates a new protocol.
providerId String
ID of an identity provider. Changing this creates a new protocol.
accessConfig IdentityProtocolV3AccessConfig
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
identityProtocolV3Id string
links {[key: string]: string}
Resource links of an identity protocol, including identity_provider and self.
mappingId string
ID of an identity mapping.
metadata IdentityProtocolV3Metadata
Metadata file configuration.
protocol string
ID of a protocol. Changing this creates a new protocol.
providerId string
ID of an identity provider. Changing this creates a new protocol.
access_config IdentityProtocolV3AccessConfigArgs
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
identity_protocol_v3_id str
links Mapping[str, str]
Resource links of an identity protocol, including identity_provider and self.
mapping_id str
ID of an identity mapping.
metadata IdentityProtocolV3MetadataArgs
Metadata file configuration.
protocol str
ID of a protocol. Changing this creates a new protocol.
provider_id str
ID of an identity provider. Changing this creates a new protocol.
accessConfig Property Map
Specifies the access configuration of the identity provider (see IdentityProtocolV3AccessConfig under Supporting Types). This field is required only if the protocol is set to oidc.
identityProtocolV3Id String
links Map<String>
Resource links of an identity protocol, including identity_provider and self.
mappingId String
ID of an identity mapping.
metadata Property Map
Metadata file configuration.
protocol String
ID of a protocol. Changing this creates a new protocol.
providerId String
ID of an identity provider. Changing this creates a new protocol.

Supporting Types

IdentityProtocolV3AccessConfig, IdentityProtocolV3AccessConfigArgs

AccessType This property is required. string
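Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).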
ClientId This property is required. string
Specifies the ID of a client registered with the OpenID Connect identity provider.
ProviderUrl This property is required. string
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
SigningKey This property is required. string
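Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.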
AuthorizationEndpoint string
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
ResponseMode string
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
ResponseType string
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
Scopes List<string>

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

AccessType This property is required. string
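Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).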
ClientId This property is required. string
Specifies the ID of a client registered with the OpenID Connect identity provider.
ProviderUrl This property is required. string
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
SigningKey This property is required. string
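Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.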
AuthorizationEndpoint string
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
ResponseMode string
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
ResponseType string
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
Scopes []string

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

accessType This property is required. String
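Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).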
clientId This property is required. String
Specifies the ID of a client registered with the OpenID Connect identity provider.
providerUrl This property is required. String
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
signingKey This property is required. String
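Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.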
authorizationEndpoint String
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
responseMode String
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
responseType String
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
scopes List<String>

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

accessType This property is required. string
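Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).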
clientId This property is required. string
Specifies the ID of a client registered with the OpenID Connect identity provider.
providerUrl This property is required. string
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
signingKey This property is required. string
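Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.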
authorizationEndpoint string
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
responseMode string
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
responseType string
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
scopes string[]

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

access_type This property is required. str
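Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).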
client_id This property is required. str
Specifies the ID of a client registered with the OpenID Connect identity provider.
provider_url This property is required. str
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
signing_key This property is required. str
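Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.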
authorization_endpoint str
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
response_mode str
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
response_type str
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
scopes Sequence[str]

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

accessType This property is required. String
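Specifies the access type of the identity provider. Available options are: program (programmatic access only) and program_console (programmatic access and management console access).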
clientId This property is required. String
Specifies the ID of a client registered with the OpenID Connect identity provider.
providerUrl This property is required. String
Specifies the URL of the identity provider. This field corresponds to the iss field in the ID token.
signingKey This property is required. String
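Public key of the OpenID Connect identity provider, used to verify the signature of the ID token it issues. Supply only the public half of the key pair; the private signing key stays with the identity provider. This field is required only if the protocol is set to oidc.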
authorizationEndpoint String
Specifies the authorization endpoint of the OpenID Connect identity provider. This field is required only if the access type is set to program_console.
responseMode String
Response mode. Valid values are form_post and fragment; the default value is form_post. This field is required only if the access type is set to program_console.
responseType String
Response type. The only valid value is id_token, which is also the default value. This field is required only if the access type is set to program_console.
scopes List<String>

Specifies the scopes of authorization requests. It is an array of one or more scopes. Valid values are openid, email, profile and other values defined by you. This field is required only if the access type is set to program_console.

NOTE: 1. openid must be specified for this field. 2. A maximum of 10 values can be specified, and they must be separated with spaces. Example: openid email host.

IdentityProtocolV3Metadata, IdentityProtocolV3MetadataArgs

DomainId This property is required. string
ID of the domain that a user belongs to.
Metadata This property is required. string
Content of the metadata file on the IdP server.
XaccountType string
Source of a domain. Blank by default.
DomainId This property is required. string
ID of the domain that a user belongs to.
Metadata This property is required. string
Content of the metadata file on the IdP server.
XaccountType string
Source of a domain. Blank by default.
domainId This property is required. String
ID of the domain that a user belongs to.
metadata This property is required. String
Content of the metadata file on the IdP server.
xaccountType String
Source of a domain. Blank by default.
domainId This property is required. string
ID of the domain that a user belongs to.
metadata This property is required. string
Content of the metadata file on the IdP server.
xaccountType string
Source of a domain. Blank by default.
domain_id This property is required. str
ID of the domain that a user belongs to.
metadata This property is required. str
Content of the metadata file on the IdP server.
xaccount_type str
Source of a domain. Blank by default.
domainId This property is required. String
ID of the domain that a user belongs to.
metadata This property is required. String
Content of the metadata file on the IdP server.
xaccountType String
Source of a domain. Blank by default.

Import

Protocols can be imported using the provider_id/protocol, e.g.

$ pulumi import opentelekomcloud:index/identityProtocolV3:IdentityProtocolV3 protocol ACME/saml

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
opentelekomcloud opentelekomcloud/terraform-provider-opentelekomcloud
License
Notes
This Pulumi package is based on the opentelekomcloud Terraform Provider.