import * as pulumi from "@pulumi/pulumi"; /** * Provides a resource to manage [Okta MFA](https://www.vaultproject.io/docs/enterprise/mfa/mfa-okta). * * **Note** this feature is available only with Vault Enterprise. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as vault from "@pulumi/vault"; * * const userpass = new vault.AuthBackend("userpass", { * type: "userpass", * path: "userpass", * }); * const myOkta = new vault.MfaOkta("my_okta", { * name: "my_okta", * mountAccessor: userpass.accessor, * usernameFormat: "user@example.com", * orgName: "hashicorp", * apiToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9", * }); * ``` * * ## Import * * Mounts can be imported using the `path`, e.g. * * ```sh * $ pulumi import vault:index/mfaOkta:MfaOkta my_okta my_okta * ``` */ export declare class MfaOkta extends pulumi.CustomResource { /** * Get an existing MfaOkta resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: MfaOktaState, opts?: pulumi.CustomResourceOptions): MfaOkta; /** * Returns true if the given object is an instance of MfaOkta. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is MfaOkta; /** * `(string: )` - Okta API key. */ readonly apiToken: pulumi.Output; /** * `(string)` - If set, will be used as the base domain for API requests. Examples are `okta.com`, * `oktapreview.com`, and `okta-emea.com`. */ readonly baseUrl: pulumi.Output; /** * `(string: )` - The mount to tie this method to for use in automatic mappings. * The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. */ readonly mountAccessor: pulumi.Output; /** * `(string: )` – Name of the MFA method. */ readonly name: pulumi.Output; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ readonly namespace: pulumi.Output; /** * `(string: )` - Name of the organization to be used in the Okta API. */ readonly orgName: pulumi.Output; /** * `(string: )` - If set to true, the username will only match the * primary email for the account. */ readonly primaryEmail: pulumi.Output; /** * `(string)` - A format string for mapping Identity names to MFA method names. * Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. * If blank, the Alias's Name field will be used as-is. Currently-supported mappings: * - alias.name: The name returned by the mount configured via the `mountAccessor` parameter * - entity.name: The name configured for the Entity * - alias.metadata.``: The value of the Alias's metadata parameter * - entity.metadata.``: The value of the Entity's metadata parameter */ readonly usernameFormat: pulumi.Output; /** * Create a MfaOkta resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: MfaOktaArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering MfaOkta resources. */ export interface MfaOktaState { /** * `(string: )` - Okta API key. */ apiToken?: pulumi.Input; /** * `(string)` - If set, will be used as the base domain for API requests. Examples are `okta.com`, * `oktapreview.com`, and `okta-emea.com`. */ baseUrl?: pulumi.Input; /** * `(string: )` - The mount to tie this method to for use in automatic mappings. * The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. */ mountAccessor?: pulumi.Input; /** * `(string: )` – Name of the MFA method. */ name?: pulumi.Input; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: pulumi.Input; /** * `(string: )` - Name of the organization to be used in the Okta API. */ orgName?: pulumi.Input; /** * `(string: )` - If set to true, the username will only match the * primary email for the account. */ primaryEmail?: pulumi.Input; /** * `(string)` - A format string for mapping Identity names to MFA method names. * Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. * If blank, the Alias's Name field will be used as-is. Currently-supported mappings: * - alias.name: The name returned by the mount configured via the `mountAccessor` parameter * - entity.name: The name configured for the Entity * - alias.metadata.``: The value of the Alias's metadata parameter * - entity.metadata.``: The value of the Entity's metadata parameter */ usernameFormat?: pulumi.Input; } /** * The set of arguments for constructing a MfaOkta resource. */ export interface MfaOktaArgs { /** * `(string: )` - Okta API key. */ apiToken: pulumi.Input; /** * `(string)` - If set, will be used as the base domain for API requests. Examples are `okta.com`, * `oktapreview.com`, and `okta-emea.com`. */ baseUrl?: pulumi.Input; /** * `(string: )` - The mount to tie this method to for use in automatic mappings. * The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. */ mountAccessor: pulumi.Input; /** * `(string: )` – Name of the MFA method. */ name?: pulumi.Input; /** * The namespace to provision the resource in. * The value should not contain leading or trailing forward slashes. * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). * *Available only for Vault Enterprise*. */ namespace?: pulumi.Input; /** * `(string: )` - Name of the organization to be used in the Okta API. */ orgName: pulumi.Input; /** * `(string: )` - If set to true, the username will only match the * primary email for the account. */ primaryEmail?: pulumi.Input; /** * `(string)` - A format string for mapping Identity names to MFA method names. * Values to substitute should be placed in `{{}}`. For example, `"{{alias.name}}@example.com"`. * If blank, the Alias's Name field will be used as-is. Currently-supported mappings: * - alias.name: The name returned by the mount configured via the `mountAccessor` parameter * - entity.name: The name configured for the Entity * - alias.metadata.``: The value of the Alias's metadata parameter * - entity.metadata.``: The value of the Entity's metadata parameter */ usernameFormat?: pulumi.Input; }