OpenIdConnectTokenAuthenticationConfig¶

class oci.container_engine.models.OpenIdConnectTokenAuthenticationConfig(**kwargs)¶

Bases: object

The properties that configure OIDC token authentication in kube-apiserver. For more information, see Configuring the API Server.

Methods

__init__(**kwargs) Initializes a new OpenIdConnectTokenAuthenticationConfig object with values from keyword arguments.

Attributes

`ca_certificate`	Gets the ca_certificate of this OpenIdConnectTokenAuthenticationConfig.
`client_id`	Gets the client_id of this OpenIdConnectTokenAuthenticationConfig.
`configuration_file`	Gets the configuration_file of this OpenIdConnectTokenAuthenticationConfig.
`groups_claim`	Gets the groups_claim of this OpenIdConnectTokenAuthenticationConfig.
`groups_prefix`	Gets the groups_prefix of this OpenIdConnectTokenAuthenticationConfig.
`is_open_id_connect_auth_enabled`	[Required] Gets the is_open_id_connect_auth_enabled of this OpenIdConnectTokenAuthenticationConfig.
`issuer_url`	Gets the issuer_url of this OpenIdConnectTokenAuthenticationConfig.
`required_claims`	Gets the required_claims of this OpenIdConnectTokenAuthenticationConfig.
`signing_algorithms`	Gets the signing_algorithms of this OpenIdConnectTokenAuthenticationConfig.
`username_claim`	Gets the username_claim of this OpenIdConnectTokenAuthenticationConfig.
`username_prefix`	Gets the username_prefix of this OpenIdConnectTokenAuthenticationConfig.

__init__(**kwargs)¶

Initializes a new OpenIdConnectTokenAuthenticationConfig object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:

issuer_url (str) – The value to assign to the issuer_url property of this OpenIdConnectTokenAuthenticationConfig.
client_id (str) – The value to assign to the client_id property of this OpenIdConnectTokenAuthenticationConfig.
username_claim (str) – The value to assign to the username_claim property of this OpenIdConnectTokenAuthenticationConfig.
username_prefix (str) – The value to assign to the username_prefix property of this OpenIdConnectTokenAuthenticationConfig.
groups_claim (str) – The value to assign to the groups_claim property of this OpenIdConnectTokenAuthenticationConfig.
groups_prefix (str) – The value to assign to the groups_prefix property of this OpenIdConnectTokenAuthenticationConfig.
required_claims (list[oci.container_engine.models.KeyValue]) – The value to assign to the required_claims property of this OpenIdConnectTokenAuthenticationConfig.
ca_certificate (str) – The value to assign to the ca_certificate property of this OpenIdConnectTokenAuthenticationConfig.
signing_algorithms (list[str]) – The value to assign to the signing_algorithms property of this OpenIdConnectTokenAuthenticationConfig.
is_open_id_connect_auth_enabled (bool) – The value to assign to the is_open_id_connect_auth_enabled property of this OpenIdConnectTokenAuthenticationConfig.
configuration_file (str) – The value to assign to the configuration_file property of this OpenIdConnectTokenAuthenticationConfig.

ca_certificate¶

Gets the ca_certificate of this OpenIdConnectTokenAuthenticationConfig. A Base64 encoded public RSA or ECDSA certificates used to signed your identity provider’s web certificate.

Returns:	The ca_certificate of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

client_id¶

Gets the client_id of this OpenIdConnectTokenAuthenticationConfig. A client id that all tokens must be issued for.

Returns:	The client_id of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

configuration_file¶

Gets the configuration_file of this OpenIdConnectTokenAuthenticationConfig. A Base64 encoded string of a Kubernetes OIDC Auth Config file. More info here

Returns:	The configuration_file of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

groups_claim¶

Gets the groups_claim of this OpenIdConnectTokenAuthenticationConfig. JWT claim to use as the user’s group. If the claim is present it must be an array of strings.

Returns:	The groups_claim of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

groups_prefix¶

Gets the groups_prefix of this OpenIdConnectTokenAuthenticationConfig. Prefix prepended to group claims to prevent clashes with existing names (such as system:groups).

Returns:	The groups_prefix of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

is_open_id_connect_auth_enabled¶

[Required] Gets the is_open_id_connect_auth_enabled of this OpenIdConnectTokenAuthenticationConfig. Whether the cluster has OIDC Auth Config enabled. Defaults to false.

Returns:	The is_open_id_connect_auth_enabled of this OpenIdConnectTokenAuthenticationConfig.
Return type:	bool

issuer_url¶

Gets the issuer_url of this OpenIdConnectTokenAuthenticationConfig. URL of the provider that allows the API server to discover public signing keys. Only URLs that use the https:// scheme are accepted. This is typically the provider’s discovery URL, changed to have an empty path.

Returns:	The issuer_url of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

required_claims¶

Gets the required_claims of this OpenIdConnectTokenAuthenticationConfig. A key=value pair that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims.

Returns:	The required_claims of this OpenIdConnectTokenAuthenticationConfig.
Return type:	list[oci.container_engine.models.KeyValue]

signing_algorithms¶

Gets the signing_algorithms of this OpenIdConnectTokenAuthenticationConfig. The signing algorithms accepted. Default is [“RS256”].

Returns:	The signing_algorithms of this OpenIdConnectTokenAuthenticationConfig.
Return type:	list[str]

username_claim¶

Gets the username_claim of this OpenIdConnectTokenAuthenticationConfig. JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins.

Returns:	The username_claim of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str

username_prefix¶

Gets the username_prefix of this OpenIdConnectTokenAuthenticationConfig. Prefix prepended to username claims to prevent clashes with existing names (such as system:users). For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn’t provided and –oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of –oidc-issuer-url. The value - can be used to disable all prefixing.

Returns:	The username_prefix of this OpenIdConnectTokenAuthenticationConfig.
Return type:	str