@pulumi/okta 4.6.2 → 4.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/adminRoleCustom.d.ts +129 -10
- package/adminRoleCustom.js +24 -1
- package/adminRoleCustom.js.map +1 -1
- package/adminRoleCustomAssignments.d.ts +25 -10
- package/adminRoleCustomAssignments.js +13 -1
- package/adminRoleCustomAssignments.js.map +1 -1
- package/adminRoleTargets.d.ts +44 -14
- package/adminRoleTargets.js +30 -0
- package/adminRoleTargets.js.map +1 -1
- package/app/accessPolicyAssignment.d.ts +20 -1
- package/app/accessPolicyAssignment.js +20 -1
- package/app/accessPolicyAssignment.js.map +1 -1
- package/app/autoLogin.d.ts +119 -72
- package/app/autoLogin.js +47 -0
- package/app/autoLogin.js.map +1 -1
- package/app/basicAuth.d.ts +66 -38
- package/app/basicAuth.js +28 -0
- package/app/basicAuth.js.map +1 -1
- package/app/bookmark.d.ts +71 -35
- package/app/bookmark.js +27 -0
- package/app/bookmark.js.map +1 -1
- package/app/getApp.d.ts +25 -58
- package/app/getApp.js +2 -2
- package/app/getApp.js.map +1 -1
- package/app/getMetadataSaml.d.ts +5 -11
- package/app/getMetadataSaml.js +2 -2
- package/app/getMetadataSaml.js.map +1 -1
- package/app/getOauth.d.ts +34 -62
- package/app/getOauth.js +2 -2
- package/app/getOauth.js.map +1 -1
- package/app/getSaml.d.ts +55 -75
- package/app/getSaml.js +2 -2
- package/app/getSaml.js.map +1 -1
- package/app/groupAssignment.d.ts +15 -6
- package/app/groupAssignment.js +9 -0
- package/app/groupAssignment.js.map +1 -1
- package/app/oauth.d.ts +301 -123
- package/app/oauth.js +82 -0
- package/app/oauth.js.map +1 -1
- package/app/oauthPostLogoutRedirectUri.d.ts +38 -3
- package/app/oauthPostLogoutRedirectUri.js +35 -0
- package/app/oauthPostLogoutRedirectUri.js.map +1 -1
- package/app/oauthRedirectUri.d.ts +37 -3
- package/app/oauthRedirectUri.js +34 -0
- package/app/oauthRedirectUri.js.map +1 -1
- package/app/saml.d.ts +303 -133
- package/app/saml.js +161 -0
- package/app/saml.js.map +1 -1
- package/app/securePasswordStore.d.ts +109 -79
- package/app/securePasswordStore.js +30 -0
- package/app/securePasswordStore.js.map +1 -1
- package/app/swa.d.ts +102 -72
- package/app/swa.js +30 -0
- package/app/swa.js.map +1 -1
- package/app/threeField.d.ts +87 -72
- package/app/threeField.js +15 -0
- package/app/threeField.js.map +1 -1
- package/app/user.d.ts +37 -12
- package/app/user.js +22 -0
- package/app/user.js.map +1 -1
- package/appGroupAssignments.d.ts +40 -3
- package/appGroupAssignments.js +37 -0
- package/appGroupAssignments.js.map +1 -1
- package/appOauthApiScope.d.ts +36 -3
- package/appOauthApiScope.js +33 -0
- package/appOauthApiScope.js.map +1 -1
- package/appSamlAppSettings.d.ts +44 -6
- package/appSamlAppSettings.js +38 -0
- package/appSamlAppSettings.js.map +1 -1
- package/appSharedCredentials.d.ts +115 -72
- package/appSharedCredentials.js +43 -0
- package/appSharedCredentials.js.map +1 -1
- package/appSignonPolicy.d.ts +44 -6
- package/appSignonPolicy.js +38 -0
- package/appSignonPolicy.js.map +1 -1
- package/appSignonPolicyRule.d.ts +327 -68
- package/appSignonPolicyRule.js +244 -0
- package/appSignonPolicyRule.js.map +1 -1
- package/appUserBaseSchemaProperty.d.ts +52 -24
- package/appUserBaseSchemaProperty.js +28 -0
- package/appUserBaseSchemaProperty.js.map +1 -1
- package/appUserSchemaProperty.d.ts +80 -54
- package/appUserSchemaProperty.js +26 -0
- package/appUserSchemaProperty.js.map +1 -1
- package/auth/getServer.d.ts +11 -11
- package/auth/getServer.js +2 -2
- package/auth/getServerPolicy.d.ts +9 -15
- package/auth/getServerPolicy.js +2 -2
- package/auth/getServerPolicy.js.map +1 -1
- package/auth/getServerScopes.d.ts +5 -8
- package/auth/getServerScopes.js +2 -2
- package/auth/getServerScopes.js.map +1 -1
- package/auth/server.d.ts +49 -13
- package/auth/server.js +27 -0
- package/auth/server.js.map +1 -1
- package/auth/serverClaim.d.ts +54 -18
- package/auth/serverClaim.js +27 -0
- package/auth/serverClaim.js.map +1 -1
- package/auth/serverPolicy.d.ts +43 -6
- package/auth/serverPolicy.js +28 -0
- package/auth/serverPolicy.js.map +1 -1
- package/auth/serverPolicyRule.d.ts +72 -29
- package/auth/serverPolicyRule.js +25 -0
- package/auth/serverPolicyRule.js.map +1 -1
- package/auth/serverScope.d.ts +41 -15
- package/auth/serverScope.js +26 -0
- package/auth/serverScope.js.map +1 -1
- package/authServerClaimDefault.d.ts +50 -13
- package/authServerClaimDefault.js +31 -0
- package/authServerClaimDefault.js.map +1 -1
- package/authServerDefault.d.ts +47 -13
- package/authServerDefault.js +25 -0
- package/authServerDefault.js.map +1 -1
- package/authenticator.d.ts +94 -38
- package/authenticator.js +38 -0
- package/authenticator.js.map +1 -1
- package/behaviour.d.ts +78 -18
- package/behaviour.js +42 -0
- package/behaviour.js.map +1 -1
- package/brand.d.ts +28 -19
- package/brand.js +10 -1
- package/brand.js.map +1 -1
- package/captcha.d.ts +38 -12
- package/captcha.js +26 -0
- package/captcha.js.map +1 -1
- package/captchaOrgWideSettings.d.ts +51 -6
- package/captchaOrgWideSettings.js +45 -0
- package/captchaOrgWideSettings.js.map +1 -1
- package/domain.d.ts +39 -13
- package/domain.js +20 -0
- package/domain.js.map +1 -1
- package/domainCertificate.d.ts +63 -15
- package/domainCertificate.js +48 -0
- package/domainCertificate.js.map +1 -1
- package/domainVerification.d.ts +22 -3
- package/domainVerification.js +19 -0
- package/domainVerification.js.map +1 -1
- package/emailCustomization.d.ts +224 -3
- package/emailCustomization.js +41 -0
- package/emailCustomization.js.map +1 -1
- package/emailSender.d.ts +39 -13
- package/emailSender.js +26 -0
- package/emailSender.js.map +1 -1
- package/emailSenderVerification.d.ts +26 -3
- package/emailSenderVerification.js +23 -0
- package/emailSenderVerification.js.map +1 -1
- package/eventHook.d.ts +37 -0
- package/eventHook.js +37 -0
- package/eventHook.js.map +1 -1
- package/eventHookVerification.d.ts +37 -3
- package/eventHookVerification.js +34 -0
- package/eventHookVerification.js.map +1 -1
- package/factor/factor.d.ts +23 -6
- package/factor/factor.js +14 -0
- package/factor/factor.js.map +1 -1
- package/factorTotp.d.ts +44 -12
- package/factorTotp.js +23 -0
- package/factorTotp.js.map +1 -1
- package/getAppGroupAssignments.d.ts +6 -6
- package/getAppGroupAssignments.js +2 -2
- package/getAppSignonPolicy.d.ts +6 -16
- package/getAppSignonPolicy.js +4 -8
- package/getAppSignonPolicy.js.map +1 -1
- package/getAppUserAssignments.d.ts +6 -6
- package/getAppUserAssignments.js +2 -2
- package/getAuthServerClaim.d.ts +12 -15
- package/getAuthServerClaim.js +2 -2
- package/getAuthServerClaim.js.map +1 -1
- package/getAuthServerClaims.d.ts +5 -8
- package/getAuthServerClaims.js +2 -2
- package/getAuthServerClaims.js.map +1 -1
- package/getAuthenticator.d.ts +26 -24
- package/getAuthenticator.js +22 -14
- package/getAuthenticator.js.map +1 -1
- package/getBehaviour.d.ts +8 -6
- package/getBehaviour.js +2 -2
- package/getBehaviour.js.map +1 -1
- package/getBehaviours.d.ts +7 -7
- package/getBehaviours.js +2 -2
- package/getBrand.d.ts +6 -9
- package/getBrand.js +2 -2
- package/getBrand.js.map +1 -1
- package/getBrands.d.ts +2 -2
- package/getBrands.js +2 -2
- package/getEmailCustomization.d.ts +9 -14
- package/getEmailCustomization.js +6 -2
- package/getEmailCustomization.js.map +1 -1
- package/getEmailCustomizations.d.ts +9 -11
- package/getEmailCustomizations.js +6 -2
- package/getEmailCustomizations.js.map +1 -1
- package/getGroups.d.ts +25 -11
- package/getGroups.js +2 -2
- package/getGroups.js.map +1 -1
- package/getNetworkZone.d.ts +12 -12
- package/getNetworkZone.js +2 -2
- package/getRoleSubscription.d.ts +35 -13
- package/getRoleSubscription.js +2 -2
- package/getRoleSubscription.js.map +1 -1
- package/getTemplate.d.ts +8 -10
- package/getTemplate.js +6 -2
- package/getTemplate.js.map +1 -1
- package/getTemplates.d.ts +7 -6
- package/getTemplates.js +6 -2
- package/getTemplates.js.map +1 -1
- package/getTheme.d.ts +12 -14
- package/getTheme.js +6 -2
- package/getTheme.js.map +1 -1
- package/getThemes.d.ts +7 -6
- package/getThemes.js +6 -2
- package/getThemes.js.map +1 -1
- package/getTrustedOrigins.d.ts +4 -7
- package/getTrustedOrigins.js +2 -2
- package/getTrustedOrigins.js.map +1 -1
- package/getUserSecurityQuestions.d.ts +8 -4
- package/getUserSecurityQuestions.js +4 -0
- package/getUserSecurityQuestions.js.map +1 -1
- package/group/getEveryoneGroup.d.ts +5 -10
- package/group/getEveryoneGroup.js +2 -4
- package/group/getEveryoneGroup.js.map +1 -1
- package/group/getGroup.d.ts +26 -17
- package/group/getGroup.js +2 -2
- package/group/getGroup.js.map +1 -1
- package/group/getRule.d.ts +15 -6
- package/group/getRule.js +2 -2
- package/group/getRule.js.map +1 -1
- package/group/group.d.ts +46 -9
- package/group/group.js +37 -0
- package/group/group.js.map +1 -1
- package/group/role.d.ts +101 -15
- package/group/role.js +26 -0
- package/group/role.js.map +1 -1
- package/group/rule.d.ts +80 -6
- package/group/rule.js +23 -0
- package/group/rule.js.map +1 -1
- package/groupMemberships.d.ts +48 -7
- package/groupMemberships.js +42 -1
- package/groupMemberships.js.map +1 -1
- package/groupSchemaProperty.d.ts +94 -51
- package/groupSchemaProperty.js +25 -0
- package/groupSchemaProperty.js.map +1 -1
- package/idp/getMetadataSaml.d.ts +6 -9
- package/idp/getMetadataSaml.js +2 -2
- package/idp/getMetadataSaml.js.map +1 -1
- package/idp/getOidc.d.ts +9 -9
- package/idp/getOidc.js +2 -2
- package/idp/getSaml.d.ts +13 -16
- package/idp/getSaml.js +2 -2
- package/idp/getSaml.js.map +1 -1
- package/idp/getSocial.d.ts +2 -8
- package/idp/getSocial.js +2 -2
- package/idp/getSocial.js.map +1 -1
- package/idp/oidc.d.ts +297 -12
- package/idp/oidc.js +36 -0
- package/idp/oidc.js.map +1 -1
- package/idp/saml.d.ts +284 -18
- package/idp/saml.js +32 -0
- package/idp/saml.js.map +1 -1
- package/idp/samlKey.d.ts +48 -3
- package/idp/samlKey.js +9 -0
- package/idp/samlKey.js.map +1 -1
- package/idp/social.d.ts +251 -18
- package/idp/social.js +32 -0
- package/idp/social.js.map +1 -1
- package/index/emailDomain.d.ts +41 -16
- package/index/emailDomain.js +25 -0
- package/index/emailDomain.js.map +1 -1
- package/index/emailDomainVerification.d.ts +25 -3
- package/index/emailDomainVerification.js +22 -0
- package/index/emailDomainVerification.js.map +1 -1
- package/index/getDomain.d.ts +14 -11
- package/index/getDomain.js +8 -2
- package/index/getDomain.js.map +1 -1
- package/inline/hook.d.ts +89 -0
- package/inline/hook.js +35 -0
- package/inline/hook.js.map +1 -1
- package/linkDefinition.d.ts +30 -0
- package/linkDefinition.js +30 -0
- package/linkDefinition.js.map +1 -1
- package/linkValue.d.ts +59 -6
- package/linkValue.js +53 -0
- package/linkValue.js.map +1 -1
- package/network/zone.d.ts +74 -27
- package/network/zone.js +44 -0
- package/network/zone.js.map +1 -1
- package/orgConfiguration.d.ts +25 -0
- package/orgConfiguration.js +25 -0
- package/orgConfiguration.js.map +1 -1
- package/orgSupport.d.ts +20 -3
- package/orgSupport.js +17 -0
- package/orgSupport.js.map +1 -1
- package/package.json +1 -1
- package/policy/getDefaultPolicy.d.ts +7 -9
- package/policy/getDefaultPolicy.js +2 -6
- package/policy/getDefaultPolicy.js.map +1 -1
- package/policy/getPolicy.d.ts +10 -11
- package/policy/getPolicy.js +2 -2
- package/policy/getPolicy.js.map +1 -1
- package/policy/mfa.d.ts +259 -18
- package/policy/mfa.js +49 -0
- package/policy/mfa.js.map +1 -1
- package/policy/password.d.ts +117 -90
- package/policy/password.js +27 -0
- package/policy/password.js.map +1 -1
- package/policy/ruleIdpDiscovery.d.ts +149 -27
- package/policy/ruleIdpDiscovery.js +65 -0
- package/policy/ruleIdpDiscovery.js.map +1 -1
- package/policy/ruleMfa.d.ts +35 -24
- package/policy/ruleMfa.js +11 -0
- package/policy/ruleMfa.js.map +1 -1
- package/policy/rulePassword.d.ts +46 -33
- package/policy/rulePassword.js +13 -0
- package/policy/rulePassword.js.map +1 -1
- package/policy/ruleSignon.d.ts +170 -57
- package/policy/ruleSignon.js +92 -0
- package/policy/ruleSignon.js.map +1 -1
- package/policy/signon.d.ts +41 -15
- package/policy/signon.js +26 -0
- package/policy/signon.js.map +1 -1
- package/policyMfaDefault.d.ts +250 -13
- package/policyMfaDefault.js +45 -0
- package/policyMfaDefault.js.map +1 -1
- package/policyPasswordDefault.d.ts +88 -54
- package/policyPasswordDefault.js +22 -0
- package/policyPasswordDefault.js.map +1 -1
- package/policyProfileEnrollment.d.ts +28 -6
- package/policyProfileEnrollment.js +22 -0
- package/policyProfileEnrollment.js.map +1 -1
- package/policyProfileEnrollmentApps.d.ts +42 -5
- package/policyProfileEnrollmentApps.js +37 -0
- package/policyProfileEnrollmentApps.js.map +1 -1
- package/policyRuleProfileEnrollment.d.ts +88 -26
- package/policyRuleProfileEnrollment.js +62 -0
- package/policyRuleProfileEnrollment.js.map +1 -1
- package/profile/mapping.d.ts +95 -9
- package/profile/mapping.js +41 -0
- package/profile/mapping.js.map +1 -1
- package/rateLimiting.d.ts +43 -9
- package/rateLimiting.js +28 -0
- package/rateLimiting.js.map +1 -1
- package/resourceSet.d.ts +32 -10
- package/resourceSet.js +20 -1
- package/resourceSet.js.map +1 -1
- package/roleSubscription.d.ts +110 -9
- package/roleSubscription.js +26 -0
- package/roleSubscription.js.map +1 -1
- package/securityNotificationEmails.d.ts +45 -15
- package/securityNotificationEmails.js +30 -0
- package/securityNotificationEmails.js.map +1 -1
- package/templateSms.d.ts +47 -3
- package/templateSms.js +35 -0
- package/templateSms.js.map +1 -1
- package/theme.d.ts +59 -44
- package/theme.js +15 -0
- package/theme.js.map +1 -1
- package/threatInsightSettings.d.ts +58 -6
- package/threatInsightSettings.js +34 -0
- package/threatInsightSettings.js.map +1 -1
- package/trustedorigin/origin.d.ts +37 -12
- package/trustedorigin/origin.js +25 -0
- package/trustedorigin/origin.js.map +1 -1
- package/types/input.d.ts +227 -60
- package/types/output.d.ts +446 -56
- package/user/getUser.d.ts +104 -32
- package/user/getUser.js +2 -2
- package/user/getUser.js.map +1 -1
- package/user/getUserProfileMappingSource.d.ts +7 -9
- package/user/getUserProfileMappingSource.js +4 -6
- package/user/getUserProfileMappingSource.js.map +1 -1
- package/user/getUserType.d.ts +7 -7
- package/user/getUserType.js +2 -2
- package/user/getUsers.d.ts +57 -61
- package/user/getUsers.js +44 -30
- package/user/getUsers.js.map +1 -1
- package/user/user.d.ts +215 -117
- package/user/user.js +71 -0
- package/user/user.js.map +1 -1
- package/user/userType.d.ts +34 -9
- package/user/userType.js +25 -0
- package/user/userType.js.map +1 -1
- package/userAdminRoles.d.ts +41 -10
- package/userAdminRoles.js +29 -1
- package/userAdminRoles.js.map +1 -1
- package/userBaseSchemaProperty.d.ts +67 -24
- package/userBaseSchemaProperty.js +43 -0
- package/userBaseSchemaProperty.js.map +1 -1
- package/userFactorQuestion.d.ts +52 -14
- package/userFactorQuestion.js +39 -1
- package/userFactorQuestion.js.map +1 -1
- package/userGroupMemberships.d.ts +23 -4
- package/userGroupMemberships.js +20 -1
- package/userGroupMemberships.js.map +1 -1
- package/userSchemaProperty.d.ts +107 -57
- package/userSchemaProperty.js +32 -0
- package/userSchemaProperty.js.map +1 -1
- package/utilities.d.ts +4 -0
- package/utilities.js +33 -1
- package/utilities.js.map +1 -1
package/authServerDefault.d.ts
CHANGED
|
@@ -1,4 +1,29 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
|
+
/**
|
|
3
|
+
* Configures Default Authorization Server.
|
|
4
|
+
*
|
|
5
|
+
* This resource allows you to configure Default Authorization Server.
|
|
6
|
+
*
|
|
7
|
+
* ## Example Usage
|
|
8
|
+
*
|
|
9
|
+
* ```typescript
|
|
10
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
11
|
+
* import * as okta from "@pulumi/okta";
|
|
12
|
+
*
|
|
13
|
+
* const example = new okta.AuthServerDefault("example", {
|
|
14
|
+
* audiences: ["api://default"],
|
|
15
|
+
* description: "Default Authorization Server for your Applications",
|
|
16
|
+
* });
|
|
17
|
+
* ```
|
|
18
|
+
*
|
|
19
|
+
* ## Import
|
|
20
|
+
*
|
|
21
|
+
* Authorization Server can be imported via the Okta ID.
|
|
22
|
+
*
|
|
23
|
+
* ```sh
|
|
24
|
+
* $ pulumi import okta:index/authServerDefault:AuthServerDefault example <default>
|
|
25
|
+
* ```
|
|
26
|
+
*/
|
|
2
27
|
export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
3
28
|
/**
|
|
4
29
|
* Get an existing AuthServerDefault resource's state with the given name, ID, and optional extra
|
|
@@ -16,7 +41,7 @@ export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
|
16
41
|
*/
|
|
17
42
|
static isInstance(obj: any): obj is AuthServerDefault;
|
|
18
43
|
/**
|
|
19
|
-
*
|
|
44
|
+
* The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
|
|
20
45
|
*/
|
|
21
46
|
readonly audiences: pulumi.Output<string[] | undefined>;
|
|
22
47
|
/**
|
|
@@ -24,11 +49,11 @@ export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
|
24
49
|
*/
|
|
25
50
|
readonly credentialsLastRotated: pulumi.Output<string>;
|
|
26
51
|
/**
|
|
27
|
-
* The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `AUTO`.
|
|
52
|
+
* The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `"AUTO"`.
|
|
28
53
|
*/
|
|
29
54
|
readonly credentialsNextRotation: pulumi.Output<string>;
|
|
30
55
|
/**
|
|
31
|
-
*
|
|
56
|
+
* The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
|
|
32
57
|
*/
|
|
33
58
|
readonly credentialsRotationMode: pulumi.Output<string | undefined>;
|
|
34
59
|
/**
|
|
@@ -36,11 +61,11 @@ export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
|
36
61
|
*/
|
|
37
62
|
readonly description: pulumi.Output<string | undefined>;
|
|
38
63
|
/**
|
|
39
|
-
*
|
|
64
|
+
* The complete URL for a Custom Authorization Server. This becomes the `iss` claim in an access token.
|
|
40
65
|
*/
|
|
41
66
|
readonly issuer: pulumi.Output<string>;
|
|
42
67
|
/**
|
|
43
|
-
*
|
|
68
|
+
* Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"`, `"ORG_URL"`, or `"DYNAMIC"`.
|
|
44
69
|
*/
|
|
45
70
|
readonly issuerMode: pulumi.Output<string | undefined>;
|
|
46
71
|
/**
|
|
@@ -51,6 +76,9 @@ export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
|
51
76
|
* The name of the authorization server. Not necessary but left for backwards capacity with legacy implementation.
|
|
52
77
|
*/
|
|
53
78
|
readonly name: pulumi.Output<string>;
|
|
79
|
+
/**
|
|
80
|
+
* The status of the auth server.
|
|
81
|
+
*/
|
|
54
82
|
readonly status: pulumi.Output<string | undefined>;
|
|
55
83
|
/**
|
|
56
84
|
* Create a AuthServerDefault resource with the given unique name, arguments, and options.
|
|
@@ -66,7 +94,7 @@ export declare class AuthServerDefault extends pulumi.CustomResource {
|
|
|
66
94
|
*/
|
|
67
95
|
export interface AuthServerDefaultState {
|
|
68
96
|
/**
|
|
69
|
-
*
|
|
97
|
+
* The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
|
|
70
98
|
*/
|
|
71
99
|
audiences?: pulumi.Input<pulumi.Input<string>[]>;
|
|
72
100
|
/**
|
|
@@ -74,11 +102,11 @@ export interface AuthServerDefaultState {
|
|
|
74
102
|
*/
|
|
75
103
|
credentialsLastRotated?: pulumi.Input<string>;
|
|
76
104
|
/**
|
|
77
|
-
* The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `AUTO`.
|
|
105
|
+
* The timestamp when the authorization server changes the key for signing tokens. Only returned when `credentialsRotationMode` is `"AUTO"`.
|
|
78
106
|
*/
|
|
79
107
|
credentialsNextRotation?: pulumi.Input<string>;
|
|
80
108
|
/**
|
|
81
|
-
*
|
|
109
|
+
* The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
|
|
82
110
|
*/
|
|
83
111
|
credentialsRotationMode?: pulumi.Input<string>;
|
|
84
112
|
/**
|
|
@@ -86,11 +114,11 @@ export interface AuthServerDefaultState {
|
|
|
86
114
|
*/
|
|
87
115
|
description?: pulumi.Input<string>;
|
|
88
116
|
/**
|
|
89
|
-
*
|
|
117
|
+
* The complete URL for a Custom Authorization Server. This becomes the `iss` claim in an access token.
|
|
90
118
|
*/
|
|
91
119
|
issuer?: pulumi.Input<string>;
|
|
92
120
|
/**
|
|
93
|
-
*
|
|
121
|
+
* Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"`, `"ORG_URL"`, or `"DYNAMIC"`.
|
|
94
122
|
*/
|
|
95
123
|
issuerMode?: pulumi.Input<string>;
|
|
96
124
|
/**
|
|
@@ -101,6 +129,9 @@ export interface AuthServerDefaultState {
|
|
|
101
129
|
* The name of the authorization server. Not necessary but left for backwards capacity with legacy implementation.
|
|
102
130
|
*/
|
|
103
131
|
name?: pulumi.Input<string>;
|
|
132
|
+
/**
|
|
133
|
+
* The status of the auth server.
|
|
134
|
+
*/
|
|
104
135
|
status?: pulumi.Input<string>;
|
|
105
136
|
}
|
|
106
137
|
/**
|
|
@@ -108,11 +139,11 @@ export interface AuthServerDefaultState {
|
|
|
108
139
|
*/
|
|
109
140
|
export interface AuthServerDefaultArgs {
|
|
110
141
|
/**
|
|
111
|
-
*
|
|
142
|
+
* The recipients that the tokens are intended for. This becomes the `aud` claim in an access token.
|
|
112
143
|
*/
|
|
113
144
|
audiences?: pulumi.Input<pulumi.Input<string>[]>;
|
|
114
145
|
/**
|
|
115
|
-
*
|
|
146
|
+
* The key rotation mode for the authorization server. Can be `"AUTO"` or `"MANUAL"`.
|
|
116
147
|
*/
|
|
117
148
|
credentialsRotationMode?: pulumi.Input<string>;
|
|
118
149
|
/**
|
|
@@ -120,12 +151,15 @@ export interface AuthServerDefaultArgs {
|
|
|
120
151
|
*/
|
|
121
152
|
description?: pulumi.Input<string>;
|
|
122
153
|
/**
|
|
123
|
-
*
|
|
154
|
+
* Allows you to use a custom issuer URL. It can be set to `"CUSTOM_URL"`, `"ORG_URL"`, or `"DYNAMIC"`.
|
|
124
155
|
*/
|
|
125
156
|
issuerMode?: pulumi.Input<string>;
|
|
126
157
|
/**
|
|
127
158
|
* The name of the authorization server. Not necessary but left for backwards capacity with legacy implementation.
|
|
128
159
|
*/
|
|
129
160
|
name?: pulumi.Input<string>;
|
|
161
|
+
/**
|
|
162
|
+
* The status of the auth server.
|
|
163
|
+
*/
|
|
130
164
|
status?: pulumi.Input<string>;
|
|
131
165
|
}
|
package/authServerDefault.js
CHANGED
|
@@ -5,6 +5,31 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
5
5
|
exports.AuthServerDefault = void 0;
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
|
+
/**
|
|
9
|
+
* Configures Default Authorization Server.
|
|
10
|
+
*
|
|
11
|
+
* This resource allows you to configure Default Authorization Server.
|
|
12
|
+
*
|
|
13
|
+
* ## Example Usage
|
|
14
|
+
*
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
17
|
+
* import * as okta from "@pulumi/okta";
|
|
18
|
+
*
|
|
19
|
+
* const example = new okta.AuthServerDefault("example", {
|
|
20
|
+
* audiences: ["api://default"],
|
|
21
|
+
* description: "Default Authorization Server for your Applications",
|
|
22
|
+
* });
|
|
23
|
+
* ```
|
|
24
|
+
*
|
|
25
|
+
* ## Import
|
|
26
|
+
*
|
|
27
|
+
* Authorization Server can be imported via the Okta ID.
|
|
28
|
+
*
|
|
29
|
+
* ```sh
|
|
30
|
+
* $ pulumi import okta:index/authServerDefault:AuthServerDefault example <default>
|
|
31
|
+
* ```
|
|
32
|
+
*/
|
|
8
33
|
class AuthServerDefault extends pulumi.CustomResource {
|
|
9
34
|
/**
|
|
10
35
|
* Get an existing AuthServerDefault resource's state with the given name, ID, and optional extra
|
package/authServerDefault.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authServerDefault.js","sourceRoot":"","sources":["../authServerDefault.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IACxD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;
|
|
1
|
+
{"version":3,"file":"authServerDefault.js","sourceRoot":"","sources":["../authServerDefault.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IACxD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;IAmDD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,wBAAwB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7D,cAAc,CAAC,yBAAyB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;;AA3GL,8CA4GC;AA9FG,gBAAgB;AACO,8BAAY,GAAG,gDAAgD,CAAC"}
|
package/authenticator.d.ts
CHANGED
|
@@ -1,4 +1,42 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
|
+
/**
|
|
3
|
+
* > **WARNING:** This feature is only available as a part of the Identity Engine. Contact support for further information.
|
|
4
|
+
*
|
|
5
|
+
* This resource allows you to configure different authenticators.
|
|
6
|
+
*
|
|
7
|
+
* > **Create:** The Okta API has an odd notion of create for authenticators. If
|
|
8
|
+
* the authenticator doesn't exist then a one time `POST /api/v1/authenticators` to
|
|
9
|
+
* create the authenticator (hard create) will be performed. Thereafter, that
|
|
10
|
+
* authenticator is never deleted, it is only deactivated (soft delete). Therefore,
|
|
11
|
+
* if the authenticator already exists create is just a soft import of an existing
|
|
12
|
+
* authenticator.
|
|
13
|
+
*
|
|
14
|
+
* > **Delete:** Authenticators can not be truly deleted therefore delete is soft.
|
|
15
|
+
* Delete will attempt to deativate the authenticator. An authenticator can only be
|
|
16
|
+
* deactivated if it's not in use by any other policy.
|
|
17
|
+
*
|
|
18
|
+
* ## Example Usage
|
|
19
|
+
*
|
|
20
|
+
* ```typescript
|
|
21
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
22
|
+
* import * as okta from "@pulumi/okta";
|
|
23
|
+
*
|
|
24
|
+
* const test = new okta.Authenticator("test", {
|
|
25
|
+
* key: "security_question",
|
|
26
|
+
* settings: JSON.stringify({
|
|
27
|
+
* allowedFor: "recovery",
|
|
28
|
+
* }),
|
|
29
|
+
* });
|
|
30
|
+
* ```
|
|
31
|
+
*
|
|
32
|
+
* ## Import
|
|
33
|
+
*
|
|
34
|
+
* Okta authenticator can be imported via the Okta ID.
|
|
35
|
+
*
|
|
36
|
+
* ```sh
|
|
37
|
+
* $ pulumi import okta:index/authenticator:Authenticator example <authenticator_id>
|
|
38
|
+
* ```
|
|
39
|
+
*/
|
|
2
40
|
export declare class Authenticator extends pulumi.CustomResource {
|
|
3
41
|
/**
|
|
4
42
|
* Get an existing Authenticator resource's state with the given name, ID, and optional extra
|
|
@@ -16,23 +54,23 @@ export declare class Authenticator extends pulumi.CustomResource {
|
|
|
16
54
|
*/
|
|
17
55
|
static isInstance(obj: any): obj is Authenticator;
|
|
18
56
|
/**
|
|
19
|
-
* A human-readable string that identifies the
|
|
57
|
+
* A human-readable string that identifies the authenticator. Some authenticators are available by feature flag on the organization. Possible values inclue: `duo`, `externalIdp`, `googleOtp`, `oktaEmail`, `oktaPassword`, `oktaVerify`, `onpremMfa`, `phoneNumber`, `rsaToken`, `securityQuestion`, `webauthn`
|
|
20
58
|
*/
|
|
21
59
|
readonly key: pulumi.Output<string>;
|
|
22
60
|
/**
|
|
23
|
-
*
|
|
61
|
+
* Name of the authenticator.
|
|
24
62
|
*/
|
|
25
63
|
readonly name: pulumi.Output<string>;
|
|
26
64
|
/**
|
|
27
|
-
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured
|
|
65
|
+
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
28
66
|
*/
|
|
29
67
|
readonly providerAuthPort: pulumi.Output<number | undefined>;
|
|
30
68
|
/**
|
|
31
|
-
* The Duo Security API hostname
|
|
69
|
+
* (DUO specific) - The Duo Security API hostname". Conflicts with `providerJson` argument.
|
|
32
70
|
*/
|
|
33
71
|
readonly providerHost: pulumi.Output<string | undefined>;
|
|
34
72
|
/**
|
|
35
|
-
* Server host name or IP address
|
|
73
|
+
* Server host name or IP address. Default is `"localhost"`. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
36
74
|
*/
|
|
37
75
|
readonly providerHostname: pulumi.Output<string | undefined>;
|
|
38
76
|
/**
|
|
@@ -40,19 +78,25 @@ export declare class Authenticator extends pulumi.CustomResource {
|
|
|
40
78
|
*/
|
|
41
79
|
readonly providerInstanceId: pulumi.Output<string>;
|
|
42
80
|
/**
|
|
43
|
-
* The Duo Security integration key
|
|
81
|
+
* (DUO specific) - The Duo Security integration key. Conflicts with `providerJson` argument.
|
|
44
82
|
*/
|
|
45
83
|
readonly providerIntegrationKey: pulumi.Output<string | undefined>;
|
|
46
84
|
/**
|
|
47
|
-
* Provider
|
|
85
|
+
* Provider JSON allows for expressive provider
|
|
86
|
+
* values. This argument conflicts with the other `providerXxx` arguments. The
|
|
87
|
+
* [Create
|
|
88
|
+
* Provider](https://developer.okta.com/docs/reference/api/authenticators-admin/#request)
|
|
89
|
+
* illustrates detailed provider values for a Duo authenticator. [Provider
|
|
90
|
+
* values](https://developer.okta.com/docs/reference/api/authenticators-admin/#authenticators-administration-api-object)
|
|
91
|
+
* are listed in Okta API.
|
|
48
92
|
*/
|
|
49
93
|
readonly providerJson: pulumi.Output<string | undefined>;
|
|
50
94
|
/**
|
|
51
|
-
* The Duo Security secret key
|
|
95
|
+
* (DUO specific) - The Duo Security secret key. Conflicts with `providerJson` argument.
|
|
52
96
|
*/
|
|
53
97
|
readonly providerSecretKey: pulumi.Output<string | undefined>;
|
|
54
98
|
/**
|
|
55
|
-
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
|
|
99
|
+
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
56
100
|
*/
|
|
57
101
|
readonly providerSharedSecret: pulumi.Output<string | undefined>;
|
|
58
102
|
/**
|
|
@@ -60,19 +104,19 @@ export declare class Authenticator extends pulumi.CustomResource {
|
|
|
60
104
|
*/
|
|
61
105
|
readonly providerType: pulumi.Output<string>;
|
|
62
106
|
/**
|
|
63
|
-
*
|
|
107
|
+
* Username template expected by the provider. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
64
108
|
*/
|
|
65
109
|
readonly providerUserNameTemplate: pulumi.Output<string | undefined>;
|
|
66
110
|
/**
|
|
67
|
-
*
|
|
111
|
+
* Settings for the authenticator. The settings JSON contains values based on Authenticator key. It is not used for authenticators with type `"securityKey"`.
|
|
68
112
|
*/
|
|
69
113
|
readonly settings: pulumi.Output<string | undefined>;
|
|
70
114
|
/**
|
|
71
|
-
*
|
|
115
|
+
* Status of the authenticator. Default is `ACTIVE`.
|
|
72
116
|
*/
|
|
73
117
|
readonly status: pulumi.Output<string | undefined>;
|
|
74
118
|
/**
|
|
75
|
-
* The type of Authenticator
|
|
119
|
+
* The type of Authenticator. Values include: `"password"`, `"securityQuestion"`, `"phone"`, `"email"`, `"app"`, `"federated"`, and `"securityKey"`.
|
|
76
120
|
*/
|
|
77
121
|
readonly type: pulumi.Output<string>;
|
|
78
122
|
/**
|
|
@@ -89,23 +133,23 @@ export declare class Authenticator extends pulumi.CustomResource {
|
|
|
89
133
|
*/
|
|
90
134
|
export interface AuthenticatorState {
|
|
91
135
|
/**
|
|
92
|
-
* A human-readable string that identifies the
|
|
136
|
+
* A human-readable string that identifies the authenticator. Some authenticators are available by feature flag on the organization. Possible values inclue: `duo`, `externalIdp`, `googleOtp`, `oktaEmail`, `oktaPassword`, `oktaVerify`, `onpremMfa`, `phoneNumber`, `rsaToken`, `securityQuestion`, `webauthn`
|
|
93
137
|
*/
|
|
94
138
|
key?: pulumi.Input<string>;
|
|
95
139
|
/**
|
|
96
|
-
*
|
|
140
|
+
* Name of the authenticator.
|
|
97
141
|
*/
|
|
98
142
|
name?: pulumi.Input<string>;
|
|
99
143
|
/**
|
|
100
|
-
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured
|
|
144
|
+
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
101
145
|
*/
|
|
102
146
|
providerAuthPort?: pulumi.Input<number>;
|
|
103
147
|
/**
|
|
104
|
-
* The Duo Security API hostname
|
|
148
|
+
* (DUO specific) - The Duo Security API hostname". Conflicts with `providerJson` argument.
|
|
105
149
|
*/
|
|
106
150
|
providerHost?: pulumi.Input<string>;
|
|
107
151
|
/**
|
|
108
|
-
* Server host name or IP address
|
|
152
|
+
* Server host name or IP address. Default is `"localhost"`. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
109
153
|
*/
|
|
110
154
|
providerHostname?: pulumi.Input<string>;
|
|
111
155
|
/**
|
|
@@ -113,19 +157,25 @@ export interface AuthenticatorState {
|
|
|
113
157
|
*/
|
|
114
158
|
providerInstanceId?: pulumi.Input<string>;
|
|
115
159
|
/**
|
|
116
|
-
* The Duo Security integration key
|
|
160
|
+
* (DUO specific) - The Duo Security integration key. Conflicts with `providerJson` argument.
|
|
117
161
|
*/
|
|
118
162
|
providerIntegrationKey?: pulumi.Input<string>;
|
|
119
163
|
/**
|
|
120
|
-
* Provider
|
|
164
|
+
* Provider JSON allows for expressive provider
|
|
165
|
+
* values. This argument conflicts with the other `providerXxx` arguments. The
|
|
166
|
+
* [Create
|
|
167
|
+
* Provider](https://developer.okta.com/docs/reference/api/authenticators-admin/#request)
|
|
168
|
+
* illustrates detailed provider values for a Duo authenticator. [Provider
|
|
169
|
+
* values](https://developer.okta.com/docs/reference/api/authenticators-admin/#authenticators-administration-api-object)
|
|
170
|
+
* are listed in Okta API.
|
|
121
171
|
*/
|
|
122
172
|
providerJson?: pulumi.Input<string>;
|
|
123
173
|
/**
|
|
124
|
-
* The Duo Security secret key
|
|
174
|
+
* (DUO specific) - The Duo Security secret key. Conflicts with `providerJson` argument.
|
|
125
175
|
*/
|
|
126
176
|
providerSecretKey?: pulumi.Input<string>;
|
|
127
177
|
/**
|
|
128
|
-
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
|
|
178
|
+
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
129
179
|
*/
|
|
130
180
|
providerSharedSecret?: pulumi.Input<string>;
|
|
131
181
|
/**
|
|
@@ -133,19 +183,19 @@ export interface AuthenticatorState {
|
|
|
133
183
|
*/
|
|
134
184
|
providerType?: pulumi.Input<string>;
|
|
135
185
|
/**
|
|
136
|
-
*
|
|
186
|
+
* Username template expected by the provider. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
137
187
|
*/
|
|
138
188
|
providerUserNameTemplate?: pulumi.Input<string>;
|
|
139
189
|
/**
|
|
140
|
-
*
|
|
190
|
+
* Settings for the authenticator. The settings JSON contains values based on Authenticator key. It is not used for authenticators with type `"securityKey"`.
|
|
141
191
|
*/
|
|
142
192
|
settings?: pulumi.Input<string>;
|
|
143
193
|
/**
|
|
144
|
-
*
|
|
194
|
+
* Status of the authenticator. Default is `ACTIVE`.
|
|
145
195
|
*/
|
|
146
196
|
status?: pulumi.Input<string>;
|
|
147
197
|
/**
|
|
148
|
-
* The type of Authenticator
|
|
198
|
+
* The type of Authenticator. Values include: `"password"`, `"securityQuestion"`, `"phone"`, `"email"`, `"app"`, `"federated"`, and `"securityKey"`.
|
|
149
199
|
*/
|
|
150
200
|
type?: pulumi.Input<string>;
|
|
151
201
|
}
|
|
@@ -154,51 +204,57 @@ export interface AuthenticatorState {
|
|
|
154
204
|
*/
|
|
155
205
|
export interface AuthenticatorArgs {
|
|
156
206
|
/**
|
|
157
|
-
* A human-readable string that identifies the
|
|
207
|
+
* A human-readable string that identifies the authenticator. Some authenticators are available by feature flag on the organization. Possible values inclue: `duo`, `externalIdp`, `googleOtp`, `oktaEmail`, `oktaPassword`, `oktaVerify`, `onpremMfa`, `phoneNumber`, `rsaToken`, `securityQuestion`, `webauthn`
|
|
158
208
|
*/
|
|
159
209
|
key: pulumi.Input<string>;
|
|
160
210
|
/**
|
|
161
|
-
*
|
|
211
|
+
* Name of the authenticator.
|
|
162
212
|
*/
|
|
163
213
|
name?: pulumi.Input<string>;
|
|
164
214
|
/**
|
|
165
|
-
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured
|
|
215
|
+
* The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
166
216
|
*/
|
|
167
217
|
providerAuthPort?: pulumi.Input<number>;
|
|
168
218
|
/**
|
|
169
|
-
* The Duo Security API hostname
|
|
219
|
+
* (DUO specific) - The Duo Security API hostname". Conflicts with `providerJson` argument.
|
|
170
220
|
*/
|
|
171
221
|
providerHost?: pulumi.Input<string>;
|
|
172
222
|
/**
|
|
173
|
-
* Server host name or IP address
|
|
223
|
+
* Server host name or IP address. Default is `"localhost"`. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
174
224
|
*/
|
|
175
225
|
providerHostname?: pulumi.Input<string>;
|
|
176
226
|
/**
|
|
177
|
-
* The Duo Security integration key
|
|
227
|
+
* (DUO specific) - The Duo Security integration key. Conflicts with `providerJson` argument.
|
|
178
228
|
*/
|
|
179
229
|
providerIntegrationKey?: pulumi.Input<string>;
|
|
180
230
|
/**
|
|
181
|
-
* Provider
|
|
231
|
+
* Provider JSON allows for expressive provider
|
|
232
|
+
* values. This argument conflicts with the other `providerXxx` arguments. The
|
|
233
|
+
* [Create
|
|
234
|
+
* Provider](https://developer.okta.com/docs/reference/api/authenticators-admin/#request)
|
|
235
|
+
* illustrates detailed provider values for a Duo authenticator. [Provider
|
|
236
|
+
* values](https://developer.okta.com/docs/reference/api/authenticators-admin/#authenticators-administration-api-object)
|
|
237
|
+
* are listed in Okta API.
|
|
182
238
|
*/
|
|
183
239
|
providerJson?: pulumi.Input<string>;
|
|
184
240
|
/**
|
|
185
|
-
* The Duo Security secret key
|
|
241
|
+
* (DUO specific) - The Duo Security secret key. Conflicts with `providerJson` argument.
|
|
186
242
|
*/
|
|
187
243
|
providerSecretKey?: pulumi.Input<string>;
|
|
188
244
|
/**
|
|
189
|
-
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server.
|
|
245
|
+
* An authentication key that must be defined when the RADIUS server is configured, and must be the same on both the RADIUS client and server. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
190
246
|
*/
|
|
191
247
|
providerSharedSecret?: pulumi.Input<string>;
|
|
192
248
|
/**
|
|
193
|
-
*
|
|
249
|
+
* Username template expected by the provider. Used only for authenticators with type `"securityKey"`. Conflicts with `providerJson` argument.
|
|
194
250
|
*/
|
|
195
251
|
providerUserNameTemplate?: pulumi.Input<string>;
|
|
196
252
|
/**
|
|
197
|
-
*
|
|
253
|
+
* Settings for the authenticator. The settings JSON contains values based on Authenticator key. It is not used for authenticators with type `"securityKey"`.
|
|
198
254
|
*/
|
|
199
255
|
settings?: pulumi.Input<string>;
|
|
200
256
|
/**
|
|
201
|
-
*
|
|
257
|
+
* Status of the authenticator. Default is `ACTIVE`.
|
|
202
258
|
*/
|
|
203
259
|
status?: pulumi.Input<string>;
|
|
204
260
|
}
|
package/authenticator.js
CHANGED
|
@@ -5,6 +5,44 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
5
5
|
exports.Authenticator = void 0;
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
|
+
/**
|
|
9
|
+
* > **WARNING:** This feature is only available as a part of the Identity Engine. Contact support for further information.
|
|
10
|
+
*
|
|
11
|
+
* This resource allows you to configure different authenticators.
|
|
12
|
+
*
|
|
13
|
+
* > **Create:** The Okta API has an odd notion of create for authenticators. If
|
|
14
|
+
* the authenticator doesn't exist then a one time `POST /api/v1/authenticators` to
|
|
15
|
+
* create the authenticator (hard create) will be performed. Thereafter, that
|
|
16
|
+
* authenticator is never deleted, it is only deactivated (soft delete). Therefore,
|
|
17
|
+
* if the authenticator already exists create is just a soft import of an existing
|
|
18
|
+
* authenticator.
|
|
19
|
+
*
|
|
20
|
+
* > **Delete:** Authenticators can not be truly deleted therefore delete is soft.
|
|
21
|
+
* Delete will attempt to deativate the authenticator. An authenticator can only be
|
|
22
|
+
* deactivated if it's not in use by any other policy.
|
|
23
|
+
*
|
|
24
|
+
* ## Example Usage
|
|
25
|
+
*
|
|
26
|
+
* ```typescript
|
|
27
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
28
|
+
* import * as okta from "@pulumi/okta";
|
|
29
|
+
*
|
|
30
|
+
* const test = new okta.Authenticator("test", {
|
|
31
|
+
* key: "security_question",
|
|
32
|
+
* settings: JSON.stringify({
|
|
33
|
+
* allowedFor: "recovery",
|
|
34
|
+
* }),
|
|
35
|
+
* });
|
|
36
|
+
* ```
|
|
37
|
+
*
|
|
38
|
+
* ## Import
|
|
39
|
+
*
|
|
40
|
+
* Okta authenticator can be imported via the Okta ID.
|
|
41
|
+
*
|
|
42
|
+
* ```sh
|
|
43
|
+
* $ pulumi import okta:index/authenticator:Authenticator example <authenticator_id>
|
|
44
|
+
* ```
|
|
45
|
+
*/
|
|
8
46
|
class Authenticator extends pulumi.CustomResource {
|
|
9
47
|
/**
|
|
10
48
|
* Get an existing Authenticator resource's state with the given name, ID, and optional extra
|
package/authenticator.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticator.js","sourceRoot":"","sources":["../authenticator.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,aAAc,SAAQ,MAAM,CAAC,cAAc;IACpD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA0B,EAAE,IAAmC;QACxH,OAAO,IAAI,aAAa,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACpE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,aAAa,CAAC,YAAY,CAAC;IAC9D,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticator.js","sourceRoot":"","sources":["../authenticator.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,aAAc,SAAQ,MAAM,CAAC,cAAc;IACpD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA0B,EAAE,IAAmC;QACxH,OAAO,IAAI,aAAa,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACpE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,aAAa,CAAC,YAAY,CAAC;IAC9D,CAAC;IA6ED,YAAY,IAAY,EAAE,WAAoD,EAAE,IAAmC;QAC/G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA6C,CAAC;YAC5D,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA4C,CAAC;YAC1D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;aACtD;YACD,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,sBAAsB,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC3H,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACzD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACzE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;;AApJL,sCAqJC;AAvIG,gBAAgB;AACO,0BAAY,GAAG,wCAAwC,CAAC"}
|