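import * as pulumi from "@pulumi/pulumi";

// NOTE(review): the generic type arguments on `pulumi.Input` / `pulumi.Output` were missing from this
// listing, and a bare `pulumi.Input` does not type-check. They are restored here from the documented
// semantics and the example values: booleans for the three flags, strings elsewhere, and `| undefined`
// on outputs whose inputs are optional. `serviceName` stays a plain string output because its
// documentation says an environment default is used when it is omitted. Confirm against the published SDK.

/**
 * Creates an OIDC configuration in an OVHcloud Managed Private Registry.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as ovh from "@ovhcloud/pulumi-ovh";
 *
 * const myOidc = new ovh.cloudproject.ContainerRegistryOIDC("my_oidc", {
 *     serviceName: "XXXXXX",
 *     registryId: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx",
 *     oidcName: "my-oidc-provider",
 *     oidcEndpoint: "https://xxxx.yyy.com",
 *     oidcClientId: "xxx",
 *     oidcClientSecret: "xxx",
 *     oidcScope: "openid,profile,email,offline_access",
 *     oidcGroupFilter: "harbor-admin",
 *     oidcGroupsClaim: "groups",
 *     oidcAdminGroup: "harbor-admin",
 *     oidcVerifyCert: true,
 *     oidcAutoOnboard: true,
 *     oidcUserClaim: "preferred_username",
 *     deleteUsers: false,
 * });
 * export const oidcClientSecret = myOidc.oidcClientSecret;
 * ```
 *
 * ### Handling the client secret
 *
 * The example above hard-codes `oidcClientSecret` and re-exports it as a stack output. In a real
 * program, read the value from secret configuration (for example `new pulumi.Config().requireSecret(...)`)
 * rather than committing it to source. Export it only if a consumer needs it, and then as a secret
 * (for example wrapped in `pulumi.secret(...)`), so that it is encrypted in the state and masked in
 * CLI output. Whether the provider already marks this property as secret is not visible from this
 * declaration file.
 *
 * ## Import
 *
 * OVHcloud Managed Private Registry OIDC can be imported using the tenant `service_name` and registry id
 * `registry_id` separated by "/". E.g.,
 *
 * ```sh
 * $ pulumi import ovh:CloudProject/containerRegistryOIDC:ContainerRegistryOIDC my-oidc service_name/registry_id
 * ```
 */
export declare class ContainerRegistryOIDC extends pulumi.CustomResource {
    /**
     * Get an existing ContainerRegistryOIDC resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ContainerRegistryOIDCState, opts?: pulumi.CustomResourceOptions): ContainerRegistryOIDC;
    /**
     * Returns true if the given object is an instance of ContainerRegistryOIDC. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ContainerRegistryOIDC;
    /**
     * Delete existing users from Harbor. OIDC can't be enabled if there is at least one user already created.
     * This parameter is only used at OIDC configuration creation. **Changing this value recreates the resource.**
     *
     * This is destructive: setting it to `true` removes the registry's existing local users when the
     * configuration is created.
     */
    readonly deleteUsers: pulumi.Output<boolean | undefined>;
    /**
     * Specify an OIDC admin group name. All OIDC users in this group will have Harbor admin privilege.
     * Leave it blank if you do not want to designate an admin group.
     *
     * Membership of this group is managed in the identity provider, so anyone who can edit that group
     * there effectively controls who is a registry administrator.
     */
    readonly oidcAdminGroup: pulumi.Output<string | undefined>;
    /**
     * Skip the onboarding screen, so the user cannot change their username. The username is provided from the ID token.
     */
    readonly oidcAutoOnboard: pulumi.Output<boolean | undefined>;
    /**
     * The client ID with which Harbor is registered as client application with the OIDC provider.
     */
    readonly oidcClientId: pulumi.Output<string>;
    /**
     * The secret for the Harbor client application.
     *
     * Treat this as a credential: avoid logging it, and export it from a stack only as a secret value.
     */
    readonly oidcClientSecret: pulumi.Output<string>;
    /**
     * The URL of an OIDC-compliant server.
     */
    readonly oidcEndpoint: pulumi.Output<string>;
    /**
     * The regular expression to select matching groups from the Group Claim Name list. Matching groups are
     * added to Harbor. This filter does not limit the users' capability to log in into Harbor.
     */
    readonly oidcGroupFilter: pulumi.Output<string | undefined>;
    /**
     * The name of the claim in the ID token whose value is the list of group names.
     */
    readonly oidcGroupsClaim: pulumi.Output<string | undefined>;
    /**
     * The name of the OIDC provider.
     */
    readonly oidcName: pulumi.Output<string>;
    /**
     * The scope sent to OIDC server during authentication. It's a comma-separated string that must contain
     * 'openid' and usually also contains 'profile' and 'email'. To obtain refresh tokens it should also
     * contain 'offline_access'.
     */
    readonly oidcScope: pulumi.Output<string>;
    /**
     * The name of the claim in the ID Token where the username is retrieved from. If not specified, it will
     * default to 'name' (only useful when automatic Onboarding is enabled).
     */
    readonly oidcUserClaim: pulumi.Output<string | undefined>;
    /**
     * Set it to `false` if your OIDC server is hosted via self-signed certificate.
     *
     * With verification disabled, the registry no longer authenticates the OIDC server it talks to, so the
     * client secret and tokens are not protected against interception on the network path. Keep it `true`
     * wherever the server can present a certificate that chains to a trusted CA.
     */
    readonly oidcVerifyCert: pulumi.Output<boolean | undefined>;
    /**
     * The ID of the Managed Private Registry. **Changing this value recreates the resource.**
     */
    readonly registryId: pulumi.Output<string>;
    /**
     * The ID of the public cloud project. If omitted, the `OVH_CLOUD_PROJECT_SERVICE` environment variable
     * is used. **Changing this value recreates the resource.**
     */
    readonly serviceName: pulumi.Output<string>;
    /**
     * Create a ContainerRegistryOIDC resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ContainerRegistryOIDCArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering ContainerRegistryOIDC resources.
 */
export interface ContainerRegistryOIDCState {
    /**
     * Delete existing users from Harbor. OIDC can't be enabled if there is at least one user already created.
     * This parameter is only used at OIDC configuration creation. **Changing this value recreates the resource.**
     *
     * This is destructive: setting it to `true` removes the registry's existing local users when the
     * configuration is created.
     */
    deleteUsers?: pulumi.Input<boolean>;
    /**
     * Specify an OIDC admin group name. All OIDC users in this group will have Harbor admin privilege.
     * Leave it blank if you do not want to designate an admin group.
     *
     * Membership of this group is managed in the identity provider, so anyone who can edit that group
     * there effectively controls who is a registry administrator.
     */
    oidcAdminGroup?: pulumi.Input<string>;
    /**
     * Skip the onboarding screen, so the user cannot change their username. The username is provided from the ID token.
     */
    oidcAutoOnboard?: pulumi.Input<boolean>;
    /**
     * The client ID with which Harbor is registered as client application with the OIDC provider.
     */
    oidcClientId?: pulumi.Input<string>;
    /**
     * The secret for the Harbor client application.
     *
     * Treat this as a credential: supply it from secret configuration rather than a literal in source.
     */
    oidcClientSecret?: pulumi.Input<string>;
    /**
     * The URL of an OIDC-compliant server.
     */
    oidcEndpoint?: pulumi.Input<string>;
    /**
     * The regular expression to select matching groups from the Group Claim Name list. Matching groups are
     * added to Harbor. This filter does not limit the users' capability to log in into Harbor.
     */
    oidcGroupFilter?: pulumi.Input<string>;
    /**
     * The name of the claim in the ID token whose value is the list of group names.
     */
    oidcGroupsClaim?: pulumi.Input<string>;
    /**
     * The name of the OIDC provider.
     */
    oidcName?: pulumi.Input<string>;
    /**
     * The scope sent to OIDC server during authentication. It's a comma-separated string that must contain
     * 'openid' and usually also contains 'profile' and 'email'. To obtain refresh tokens it should also
     * contain 'offline_access'.
     */
    oidcScope?: pulumi.Input<string>;
    /**
     * The name of the claim in the ID Token where the username is retrieved from. If not specified, it will
     * default to 'name' (only useful when automatic Onboarding is enabled).
     */
    oidcUserClaim?: pulumi.Input<string>;
    /**
     * Set it to `false` if your OIDC server is hosted via self-signed certificate.
     *
     * With verification disabled, the registry no longer authenticates the OIDC server it talks to, so the
     * client secret and tokens are not protected against interception on the network path. Keep it `true`
     * wherever the server can present a certificate that chains to a trusted CA.
     */
    oidcVerifyCert?: pulumi.Input<boolean>;
    /**
     * The ID of the Managed Private Registry. **Changing this value recreates the resource.**
     */
    registryId?: pulumi.Input<string>;
    /**
     * The ID of the public cloud project. If omitted, the `OVH_CLOUD_PROJECT_SERVICE` environment variable
     * is used. **Changing this value recreates the resource.**
     */
    serviceName?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a ContainerRegistryOIDC resource.
 */
export interface ContainerRegistryOIDCArgs {
    /**
     * Delete existing users from Harbor. OIDC can't be enabled if there is at least one user already created.
     * This parameter is only used at OIDC configuration creation. **Changing this value recreates the resource.**
     *
     * This is destructive: setting it to `true` removes the registry's existing local users when the
     * configuration is created.
     */
    deleteUsers?: pulumi.Input<boolean>;
    /**
     * Specify an OIDC admin group name. All OIDC users in this group will have Harbor admin privilege.
     * Leave it blank if you do not want to designate an admin group.
     *
     * Membership of this group is managed in the identity provider, so anyone who can edit that group
     * there effectively controls who is a registry administrator.
     */
    oidcAdminGroup?: pulumi.Input<string>;
    /**
     * Skip the onboarding screen, so the user cannot change their username. The username is provided from the ID token.
     */
    oidcAutoOnboard?: pulumi.Input<boolean>;
    /**
     * The client ID with which Harbor is registered as client application with the OIDC provider.
     */
    oidcClientId: pulumi.Input<string>;
    /**
     * The secret for the Harbor client application.
     *
     * Treat this as a credential: supply it from secret configuration rather than a literal in source.
     */
    oidcClientSecret: pulumi.Input<string>;
    /**
     * The URL of an OIDC-compliant server.
     */
    oidcEndpoint: pulumi.Input<string>;
    /**
     * The regular expression to select matching groups from the Group Claim Name list. Matching groups are
     * added to Harbor. This filter does not limit the users' capability to log in into Harbor.
     */
    oidcGroupFilter?: pulumi.Input<string>;
    /**
     * The name of the claim in the ID token whose value is the list of group names.
     */
    oidcGroupsClaim?: pulumi.Input<string>;
    /**
     * The name of the OIDC provider.
     */
    oidcName: pulumi.Input<string>;
    /**
     * The scope sent to OIDC server during authentication. It's a comma-separated string that must contain
     * 'openid' and usually also contains 'profile' and 'email'. To obtain refresh tokens it should also
     * contain 'offline_access'.
     */
    oidcScope: pulumi.Input<string>;
    /**
     * The name of the claim in the ID Token where the username is retrieved from. If not specified, it will
     * default to 'name' (only useful when automatic Onboarding is enabled).
     */
    oidcUserClaim?: pulumi.Input<string>;
    /**
     * Set it to `false` if your OIDC server is hosted via self-signed certificate.
     *
     * With verification disabled, the registry no longer authenticates the OIDC server it talks to, so the
     * client secret and tokens are not protected against interception on the network path. Keep it `true`
     * wherever the server can present a certificate that chains to a trusted CA.
     */
    oidcVerifyCert?: pulumi.Input<boolean>;
    /**
     * The ID of the Managed Private Registry. **Changing this value recreates the resource.**
     */
    registryId: pulumi.Input<string>;
    /**
     * The ID of the public cloud project. If omitted, the `OVH_CLOUD_PROJECT_SERVICE` environment variable
     * is used. **Changing this value recreates the resource.**
     */
    serviceName?: pulumi.Input<string>;
}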