Class: Akeyless::AuthMethodCreateOIDC

Inherits:

Object

• Object
• Akeyless::AuthMethodCreateOIDC

Defined in:

lib/akeyless/models/auth_method_create_oidc.rb

Overview

authMethodCreateOIDC is a command that creates a new auth method that will be available to authenticate using OIDC.

Instance Attribute Summary

• #access_expires ⇒ Object

  Access expiration date in Unix timestamp (select 0 for access without expiry date).

• #allowed_client_type ⇒ Object

  limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension].

• #allowed_redirect_uri ⇒ Object

  Allowed redirect URIs after the authentication.

• #audience ⇒ Object

  Audience claim to be used as part of the authentication flow.

• #audit_logs_claims ⇒ Object

  Subclaims to include in audit logs, e.g "–audit-logs-claims email –audit-logs-claims username".

• #bound_ips ⇒ Object

  A CIDR whitelist with the IPs that the access is restricted to.

• #client_id ⇒ Object

  Client ID.

• #client_secret ⇒ Object

  Client Secret.

• #delete_protection ⇒ Object

  Protection from accidental deletion of this object [true/false].

• #description ⇒ Object

  Auth Method description.

• #expiration_event_in ⇒ Object

  How many days before the expiration of the auth method would you like to be notified.

• #force_sub_claims ⇒ Object

  if true: enforce role-association must include sub claims.

• #gw_bound_ips ⇒ Object

  A CIDR whitelist with the GW IPs that the access is restricted to.

• #issuer ⇒ Object

  Issuer URL.

• #json ⇒ Object

  Set output format to JSON.

• #jwt_ttl ⇒ Object

  Jwt TTL.

• #name ⇒ Object

  Auth Method name.

• #product_type ⇒ Object

  Choose the relevant product type for the auth method [sm, sra, pm, dp, ca].

• #required_scopes ⇒ Object

  RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve.

• #required_scopes_prefix ⇒ Object

  RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures’ Application ID URI).

• #subclaims_delimiters ⇒ Object

  A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT).

• #token ⇒ Object

  Authentication token (see ‘/auth` and `/configure`).

• #uid_token ⇒ Object

  The universal identity token, Required only for universal_identity authentication.

• #unique_identifier ⇒ Object

  A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example.

Class Method Summary

• ._deserialize(type, value) ⇒ Object

  Deserializes the data based on type.

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #_to_hash(value) ⇒ Hash

  Outputs non-array value in the form of hash For object, use to_hash.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ AuthMethodCreateOIDC constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_body ⇒ Hash

  to_body is an alias to to_hash (backward compatibility).

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #to_s ⇒ String

  Returns the string representation of the object.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Constructor Details

#initialize(attributes = {}) ⇒ AuthMethodCreateOIDC

Initializes the object

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 164

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Akeyless::AuthMethodCreateOIDC` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!self.class.attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Akeyless::AuthMethodCreateOIDC`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'access_expires')
    self.access_expires = attributes[:'access_expires']
  else
    self.access_expires = 0
  end

  if attributes.key?(:'allowed_client_type')
    if (value = attributes[:'allowed_client_type']).is_a?(Array)
      self.allowed_client_type = value
    end
  end

  if attributes.key?(:'allowed_redirect_uri')
    if (value = attributes[:'allowed_redirect_uri']).is_a?(Array)
      self.allowed_redirect_uri = value
    end
  end

  if attributes.key?(:'audience')
    self.audience = attributes[:'audience']
  end

  if attributes.key?(:'audit_logs_claims')
    if (value = attributes[:'audit_logs_claims']).is_a?(Array)
      self.audit_logs_claims = value
    end
  end

  if attributes.key?(:'bound_ips')
    if (value = attributes[:'bound_ips']).is_a?(Array)
      self.bound_ips = value
    end
  end

  if attributes.key?(:'client_id')
    self.client_id = attributes[:'client_id']
  end

  if attributes.key?(:'client_secret')
    self.client_secret = attributes[:'client_secret']
  end

  if attributes.key?(:'delete_protection')
    self.delete_protection = attributes[:'delete_protection']
  end

  if attributes.key?(:'description')
    self.description = attributes[:'description']
  end

  if attributes.key?(:'expiration_event_in')
    if (value = attributes[:'expiration_event_in']).is_a?(Array)
      self.expiration_event_in = value
    end
  end

  if attributes.key?(:'force_sub_claims')
    self.force_sub_claims = attributes[:'force_sub_claims']
  end

  if attributes.key?(:'gw_bound_ips')
    if (value = attributes[:'gw_bound_ips']).is_a?(Array)
      self.gw_bound_ips = value
    end
  end

  if attributes.key?(:'issuer')
    self.issuer = attributes[:'issuer']
  end

  if attributes.key?(:'json')
    self.json = attributes[:'json']
  else
    self.json = false
  end

  if attributes.key?(:'jwt_ttl')
    self.jwt_ttl = attributes[:'jwt_ttl']
  else
    self.jwt_ttl = 0
  end

  if attributes.key?(:'name')
    self.name = attributes[:'name']
  else
    self.name = nil
  end

  if attributes.key?(:'product_type')
    if (value = attributes[:'product_type']).is_a?(Array)
      self.product_type = value
    end
  end

  if attributes.key?(:'required_scopes')
    if (value = attributes[:'required_scopes']).is_a?(Array)
      self.required_scopes = value
    end
  end

  if attributes.key?(:'required_scopes_prefix')
    self.required_scopes_prefix = attributes[:'required_scopes_prefix']
  end

  if attributes.key?(:'subclaims_delimiters')
    if (value = attributes[:'subclaims_delimiters']).is_a?(Array)
      self.subclaims_delimiters = value
    end
  end

  if attributes.key?(:'token')
    self.token = attributes[:'token']
  end

  if attributes.key?(:'uid_token')
    self.uid_token = attributes[:'uid_token']
  end

  if attributes.key?(:'unique_identifier')
    self.unique_identifier = attributes[:'unique_identifier']
  else
    self.unique_identifier = nil
  end
end

Instance Attribute Details

#access_expires ⇒ Object

Access expiration date in Unix timestamp (select 0 for access without expiry date)

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 20

def access_expires
  @access_expires
end

#allowed_client_type ⇒ Object

limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 23

def allowed_client_type
  @allowed_client_type
end

#allowed_redirect_uri ⇒ Object

Allowed redirect URIs after the authentication

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 26

def allowed_redirect_uri
  @allowed_redirect_uri
end

#audience ⇒ Object

Audience claim to be used as part of the authentication flow. In case set, it must match the one configured on the Identity Provider’s Application

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 29

def audience
  @audience
end

#audit_logs_claims ⇒ Object

Subclaims to include in audit logs, e.g "–audit-logs-claims email –audit-logs-claims username"

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 32

def audit_logs_claims
  @audit_logs_claims
end

#bound_ips ⇒ Object

A CIDR whitelist with the IPs that the access is restricted to

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 35

def bound_ips
  @bound_ips
end

#client_id ⇒ Object

Client ID

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 38

def client_id
  @client_id
end

#client_secret ⇒ Object

Client Secret

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 41

def client_secret
  @client_secret
end

#delete_protection ⇒ Object

Protection from accidental deletion of this object [true/false]

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 44

def delete_protection
  @delete_protection
end

#description ⇒ Object

Auth Method description

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 47

def description
  @description
end

#expiration_event_in ⇒ Object

How many days before the expiration of the auth method would you like to be notified.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 50

def expiration_event_in
  @expiration_event_in
end

#force_sub_claims ⇒ Object

if true: enforce role-association must include sub claims

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 53

def force_sub_claims
  @force_sub_claims
end

#gw_bound_ips ⇒ Object

A CIDR whitelist with the GW IPs that the access is restricted to

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 56

def gw_bound_ips
  @gw_bound_ips
end

#issuer ⇒ Object

Issuer URL

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 59

def issuer
  @issuer
end

#json ⇒ Object

Set output format to JSON

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 62

def json
  @json
end

#jwt_ttl ⇒ Object

Jwt TTL

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 65

def jwt_ttl
  @jwt_ttl
end

#name ⇒ Object

Auth Method name

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 68

def name
  @name
end

#product_type ⇒ Object

Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 71

def product_type
  @product_type
end

#required_scopes ⇒ Object

RequiredScopes is a list of required scopes that the oidc method will request from the oidc provider and the user must approve

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 74

def required_scopes
  @required_scopes
end

#required_scopes_prefix ⇒ Object

RequiredScopesPrefix is a a prefix to add to all required-scopes when requesting them from the oidc server (for example, azures’ Application ID URI)

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 77

def required_scopes_prefix
  @required_scopes_prefix
end

#subclaims_delimiters ⇒ Object

A list of additional sub claims delimiters (relevant only for SAML, OIDC, OAuth2/JWT)

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 80

def subclaims_delimiters
  @subclaims_delimiters
end

#token ⇒ Object

Authentication token (see ‘/auth` and `/configure`)

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 83

def token
  @token
end

#uid_token ⇒ Object

The universal identity token, Required only for universal_identity authentication

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 86

def uid_token
  @uid_token
end

#unique_identifier ⇒ Object

A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP and SAML authentication method types and is usually a value such as the email, username, or upn for example. Whenever a user logs in with a token, these authentication types issue a "sub claim" that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 89

def unique_identifier
  @unique_identifier
end

Class Method Details

._deserialize(type, value) ⇒ Object

Deserializes the data based on type

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 397

def self._deserialize(type, value)
  case type.to_sym
  when :Time
    Time.parse(value)
  when :Date
    Date.parse(value)
  when :String
    value.to_s
  when :Integer
    value.to_i
  when :Float
    value.to_f
  when :Boolean
    if value.to_s =~ /\A(true|t|yes|y|1)\z/i
      true
    else
      false
    end
  when :Object
    # generic object (usually a Hash), return directly
    value
  when /\AArray<(?<inner_type>.+)>\z/
    inner_type = Regexp.last_match[:inner_type]
    value.map { |v| _deserialize(inner_type, v) }
  when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
    k_type = Regexp.last_match[:k_type]
    v_type = Regexp.last_match[:v_type]
    {}.tap do |hash|
      value.each do |k, v|
        hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
      end
    end
  else # model
    # models (e.g. Pet) or oneOf
    klass = Akeyless.const_get(type)
    klass.respond_to?(:openapi_any_of) || klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value)
  end
end

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 122

def self.acceptable_attributes
  attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 92

def self.attribute_map
  {
    :'access_expires' => :'access-expires',
    :'allowed_client_type' => :'allowed-client-type',
    :'allowed_redirect_uri' => :'allowed-redirect-uri',
    :'audience' => :'audience',
    :'audit_logs_claims' => :'audit-logs-claims',
    :'bound_ips' => :'bound-ips',
    :'client_id' => :'client-id',
    :'client_secret' => :'client-secret',
    :'delete_protection' => :'delete_protection',
    :'description' => :'description',
    :'expiration_event_in' => :'expiration-event-in',
    :'force_sub_claims' => :'force-sub-claims',
    :'gw_bound_ips' => :'gw-bound-ips',
    :'issuer' => :'issuer',
    :'json' => :'json',
    :'jwt_ttl' => :'jwt-ttl',
    :'name' => :'name',
    :'product_type' => :'product-type',
    :'required_scopes' => :'required-scopes',
    :'required_scopes_prefix' => :'required-scopes-prefix',
    :'subclaims_delimiters' => :'subclaims-delimiters',
    :'token' => :'token',
    :'uid_token' => :'uid-token',
    :'unique_identifier' => :'unique-identifier'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 373

def self.build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  attributes = attributes.transform_keys(&:to_sym)
  transformed_hash = {}
  openapi_types.each_pair do |key, type|
    if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
      transformed_hash["#{key}"] = nil
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[attribute_map[key]].is_a?(Array)
        transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
      end
    elsif !attributes[attribute_map[key]].nil?
      transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
    end
  end
  new(transformed_hash)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 157

def self.openapi_nullable
  Set.new([
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 127

def self.openapi_types
  {
    :'access_expires' => :'Integer',
    :'allowed_client_type' => :'Array<String>',
    :'allowed_redirect_uri' => :'Array<String>',
    :'audience' => :'String',
    :'audit_logs_claims' => :'Array<String>',
    :'bound_ips' => :'Array<String>',
    :'client_id' => :'String',
    :'client_secret' => :'String',
    :'delete_protection' => :'String',
    :'description' => :'String',
    :'expiration_event_in' => :'Array<String>',
    :'force_sub_claims' => :'Boolean',
    :'gw_bound_ips' => :'Array<String>',
    :'issuer' => :'String',
    :'json' => :'Boolean',
    :'jwt_ttl' => :'Integer',
    :'name' => :'String',
    :'product_type' => :'Array<String>',
    :'required_scopes' => :'Array<String>',
    :'required_scopes_prefix' => :'String',
    :'subclaims_delimiters' => :'Array<String>',
    :'token' => :'String',
    :'uid_token' => :'String',
    :'unique_identifier' => :'String'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 329

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      access_expires == o.access_expires &&
      allowed_client_type == o.allowed_client_type &&
      allowed_redirect_uri == o.allowed_redirect_uri &&
      audience == o.audience &&
      audit_logs_claims == o.audit_logs_claims &&
      bound_ips == o.bound_ips &&
      client_id == o.client_id &&
      client_secret == o.client_secret &&
      delete_protection == o.delete_protection &&
      description == o.description &&
      expiration_event_in == o.expiration_event_in &&
      force_sub_claims == o.force_sub_claims &&
      gw_bound_ips == o.gw_bound_ips &&
      issuer == o.issuer &&
      json == o.json &&
      jwt_ttl == o.jwt_ttl &&
      name == o.name &&
      product_type == o.product_type &&
      required_scopes == o.required_scopes &&
      required_scopes_prefix == o.required_scopes_prefix &&
      subclaims_delimiters == o.subclaims_delimiters &&
      token == o.token &&
      uid_token == o.uid_token &&
      unique_identifier == o.unique_identifier
end

#_to_hash(value) ⇒ Hash

Outputs non-array value in the form of hash For object, use to_hash. Otherwise, just return the value

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 468

def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end

#eql?(o) ⇒ Boolean

See Also:

• `==` method

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 360

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 366

def hash
  [access_expires, allowed_client_type, allowed_redirect_uri, audience, audit_logs_claims, bound_ips, client_id, client_secret, delete_protection, description, expiration_event_in, force_sub_claims, gw_bound_ips, issuer, json, jwt_ttl, name, product_type, required_scopes, required_scopes_prefix, subclaims_delimiters, token, uid_token, unique_identifier].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 304

def list_invalid_properties
  warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
  invalid_properties = Array.new
  if @name.nil?
    invalid_properties.push('invalid value for "name", name cannot be nil.')
  end

  if @unique_identifier.nil?
    invalid_properties.push('invalid value for "unique_identifier", unique_identifier cannot be nil.')
  end

  invalid_properties
end

#to_body ⇒ Hash

to_body is an alias to to_hash (backward compatibility)

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 444

def to_body
  to_hash
end

#to_hash ⇒ Hash

Returns the object in the form of hash

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 450

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#to_s ⇒ String

Returns the string representation of the object

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 438

def to_s
  to_hash.to_s
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

# File 'lib/akeyless/models/auth_method_create_oidc.rb', line 320

def valid?
  warn '[DEPRECATED] the `valid?` method is obsolete'
  return false if @name.nil?
  return false if @unique_identifier.nil?
  true
end