vault_identity_oidc_provider

Manages OIDC Providers in a Vault server. See the Vault documentation for more information.

Example Usage

# Signing key for the OIDC client declared below. Both durations are seconds.
resource "vault_identity_oidc_key" "test" {
  name = "my-key"

  # "*" lets any OIDC client use this key. The wildcard is used here because
  # the client below references this key by name, so naming the client_id
  # here would create a dependency cycle. Outside a demo, list the specific
  # client_id values that should be allowed to use the key.
  allowed_client_ids = ["*"]

  # Rotate the signing key hourly; a rotated-out public key remains
  # available for token verification for verification_ttl seconds.
  rotation_period  = 3600
  verification_ttl = 3600
}

# Assignment: the identity entities and groups allowed to authenticate through
# a client that references it. The IDs below are placeholders and must be
# replaced with real entity/group IDs from the target Vault server.
resource "vault_identity_oidc_assignment" "test" {
  name = "my-assignment"

  entity_ids = ["fake-ascbascas-2231a-sdfaa"]
  group_ids  = ["fake-sajkdsad-32414-sfsada"]
}

# OIDC client (relying party). Its generated client_id is consumed by the
# provider resource below.
resource "vault_identity_oidc_client" "test" {
  name = "application"
  key  = vault_identity_oidc_key.test.name

  # Every redirect target is a loopback address, which is why plain http is
  # acceptable here; any non-loopback redirect_uri should use https.
  redirect_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback"
  ]

  # Only entities/groups covered by these assignments may authenticate.
  assignments = [vault_identity_oidc_assignment.test.name]

  # Token lifetimes in seconds.
  id_token_ttl     = 2400
  access_token_ttl = 7200
}

# Custom scope that exposes the authenticated entity's group names through a
# Vault identity template.
resource "vault_identity_oidc_scope" "test" {
  name        = "groups"
  description = "Groups scope."

  # The template is supplied to Vault as a JSON object; the {{...}}
  # placeholder is expanded by Vault, not by Terraform.
  template = jsonencode({
    groups = "{{identity.entity.groups.names}}"
  })
}

# The provider issues tokens for the listed clients and advertises the listed
# scopes in its discovery document.
resource "vault_identity_oidc_provider" "test" {
  name = "my-provider"

  # https_enabled and issuer_host together determine the issuer URL
  # (here http://127.0.0.1:8200). A plain-http issuer is only suitable for
  # local testing against a loopback Vault; for anything reachable over a
  # network set https_enabled = true and use the public hostname.
  https_enabled = false
  issuer_host   = "127.0.0.1:8200"

  # Scoped to the single client above rather than "*".
  allowed_client_ids = [vault_identity_oidc_client.test.client_id]

  scopes_supported = [vault_identity_oidc_scope.test.name]
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the arguments above, the following attributes are exported:

Import

OIDC Providers can be imported using the name, e.g.

# The import ID is the provider's name; the resource address must match the one in the configuration.
$ terraform import vault_identity_oidc_provider.test my-provider